
Log analysis and evaluation: Task Manager cannot be closed, etc

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.08.2012, 17:01   #1
dasmann
 



Hello,

When I try to open my Task Manager, it opens and then closes automatically after a few seconds. It is very likely that I have a trojan. I downloaded every possible virus scanner (SpyHunter was disappointing because it is paid) and checked the computer with them, but in vain. I am not the only one with this problem, but the posts in forums were not very helpful. Can you help me find this trojan and finally eliminate it? Here is the log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:10, on 01.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Thomas\AppData\Local\Temp\b.exe
C:\Users\Thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKEQCINA\a2AntiMalwareSetup[1].exe
C:\Users\Thomas\AppData\Local\Temp\is-67QJ8.tmp\a2AntiMalwareSetup[1].tmp
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\consent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1108&m=ipower_x9500_ge
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1108&m=ipower_x9500_ge
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PopRock] C:\Users\Thomas\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{28BC6EEA-185B-4818-91FB-174737E0AA93}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{28BC6EEA-185B-4818-91FB-174737E0AA93}: NameServer = 192.168.178.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b06ae783dd00) (gupdate1c9b06ae783dd00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 12840 bytes

15.08.2012, 17:04   #2
markusg
/// Malware-holic
 



Hi,
next time read the pinned topics; we don't want HijackThis logs.
Why is your Windows not being supplied with updates, no SP2 for example?
But do not update now...
If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

15.08.2012, 20:43   #3
dasmann
 



Extra:

Code:
OTL Extras logfile created on: 15.08.2012 18:09:53 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Thomas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 37,09% Memory free
6,70 Gb Paging File | 4,97 Gb Available in Paging File | 74,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 584,17 Gb Total Space | 45,64 Gb Free Space | 7,81% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01360AA6-1708-4E79-BD0E-78AC0574C08B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{02585571-49A2-48D6-B2B1-AD548F0928D8}" = lport=4242 | protocol=6 | dir=in | name=emule | 
"{2A35DEBC-CA17-4396-B0EC-003B9780AE79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D12DA11-CA0A-4176-B378-9AC44CA9BD2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3175E0E9-E12D-418C-972B-FBF40EE37D71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3761BAD9-10F1-4CB5-A456-A7FED73A02BB}" = lport=6882 | protocol=6 | dir=in | name=blizzard downloader: 6882 | 
"{3BC75E92-FE91-4F30-AA74-541F5FB97422}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4162B816-CF31-40C7-82E4-146B1ABFA059}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{421BA067-E923-47A8-BACA-117D37C66692}" = rport=4662 | protocol=6 | dir=in | app=%programfiles%\emule\emule.exe | 
"{453AEFA0-763E-4742-A080-013E295D30F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48B0529B-3B4F-4FE5-999F-51C256F6E74B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{650BEEED-43B6-4024-9843-BAE2B151DE83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{694CFA3E-4CED-45B8-A930-99638D69BD45}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7306418D-6C82-47D5-9D6F-28201161A575}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76BC3A27-B336-42D0-941E-4B54E3EFBDDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{773BC257-4086-4D18-A4D4-062281A1027D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7830FC1A-1CDF-452C-8566-7C238FD1FBF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78D10EA4-0FAC-4952-A04D-227F64979B46}" = lport=55555 | protocol=6 | dir=in | name=bittorent1 | 
"{85BEDA2F-3F27-4DD3-A26D-9FAA92B7FC56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{883164F9-012A-4A4C-A2C1-9404F0FFF9FA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8E81E32D-FF6F-436E-A3CE-53580B91AA02}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8F67AC5A-AB6E-4993-8BB1-01709F25F716}" = lport=53373 | protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{911EB3EB-75E0-4829-ADE4-CB6623FC04F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{93D5555E-4682-480E-9098-7E6A56DFE4E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9510D1DF-5AF8-4FF2-9961-84B0223BF44F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99DDA5CD-42D0-46D2-A1B3-28AD860EDAD7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A981DCC5-BA4D-448B-A97C-F8A14CB50867}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AAB79851-0FBE-448E-A113-9FCC41666209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B088C957-09C0-424E-B01E-70789056B1AA}" = lport=53373 | protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B4D24808-EC15-4F7C-9D3E-F6EA6336C4E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BF738AD7-94B5-42BF-9268-D76917061F06}" = lport=55555 | protocol=17 | dir=in | name=bittorent2 | 
"{C5A053AE-B0EE-4F02-A7F2-99EE417B8797}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CCB3FDCF-AD52-407B-81B3-FBB04D0343C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA2E80E7-1907-4F30-9BF5-14F5FD0CAF8E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EB9D1F02-C048-494E-B8C8-A14022FF5327}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{EFE60805-6F10-48C9-8C7A-10A86D1B6746}" = lport=4252 | protocol=17 | dir=in | name=emule | 
"{F31B326C-BB17-4B32-8602-971B7112FDBE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F4DCE3D4-9810-4DBC-AC64-093B6FB78590}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FAE57EE1-A7FE-4BBB-BA46-B75CCDE52CAF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FB8CAC41-93E0-46E8-9328-4D8FC110695C}" = rport=139 | protocol=6 | dir=out | app=system | 
"TCP Query User{1998B59D-7C08-4507-9FE6-97D4E30DA0E2}C:\program files\warcraft iii\war3.exe" = lport=6112 | protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{A8CFA2A5-A0C5-462D-9611-7D5A9F677945}C:\program files\ubisoft\xiii\system\xiii.exe" = rport=7777 | protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"UDP Query User{0FEA899C-98FC-4063-9789-F3938A820074}C:\program files\warcraft iii\war3.exe" = lport=6112 | protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{8D199CED-CDF8-47B0-930E-AE5B70BD8D6C}C:\program files\ubisoft\xiii\system\xiii.exe" = rport=7099 | protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005118CB-EA03-4E1E-B84B-ECAC9B524AD9}" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | 
"{022195B8-1807-4DC2-BBE8-E4781863D623}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{02D944F7-5A4B-4A71-BC78-6DD17EA696C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{062211CD-F30E-4FBD-8CFB-F7ED3ED7B082}" = protocol=17 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe | 
"{0662A42A-2CFA-48F2-8E62-86411601D571}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{070BF5A5-18E7-476A-9383-8A818367FD3D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AB4F744-1165-46AF-805F-52FCC62E6A0F}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0AE9755B-4F6B-43E1-90CE-9A94ACE6F6FB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0BC06976-2C6F-4543-9FEE-D06BE9162348}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{0CCEDF2D-4261-4B83-BF5E-0E1E978EE33E}" = protocol=6 | dir=in | app=c:\program files\crazybump\cb.exe | 
"{0CE3FCF1-B8ED-4248-9B53-64999EDB8370}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{0D4302BF-2E09-4AAD-AF5F-005E3004C8E6}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{0F8D3767-062C-4C12-8570-B3CFBA1C7ED5}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{12F91911-5B3E-4BC4-9818-4B9700CEECA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{15B862BF-50C9-4DC5-B3F2-6ADBAD455D2A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\greatorangepumpkin\counter-strike source\hl2.exe | 
"{1631D052-AFB2-4DEB-AD5E-C09FB190C8F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1750702B-A03C-41F9-9878-4C277011F688}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1A0AF441-6CAC-44D5-A378-5EC7725AD51F}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{1AA70B99-3426-4FA4-9485-72880F636D64}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{208AFFA7-FD57-4426-B05B-152B02BB64F8}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{215C7286-16F3-4A4B-8A02-F703EB8AD37E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{21D71897-66F2-41CE-8EF2-A31F83F1C6D0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{23769E0F-8E88-4960-AAEF-62CEB04AEC5A}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{2550CA8C-11BC-4F81-A0AB-60BE76BA328B}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{26EBAD35-87E2-4589-B70B-9BCC99D29384}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{27F0CA01-12E8-4EF3-AE3A-5CE61C20CDBB}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{2A9FF416-CAB2-430A-BC7C-84F75384774A}" = protocol=6 | dir=out | app=system | 
"{2E4BFBA1-EB82-4136-8D7C-FFE7A6E100D7}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{2EF7998B-A628-41B0-BC49-4B392E1E7DEB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{34E2F86E-6937-4F85-B16C-66902D32F87A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{35D15B87-5498-4550-B334-3AA814AF6493}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D4ACDA6-E913-416A-8614-040852FB257B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EE99E27-9AC5-4D55-841B-62F7D6223340}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{426EF6A1-8232-4B38-AC57-DDE4A0C166AE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{42EC910B-2653-4219-8E2C-7219984321B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4ADF5912-90A8-4EBD-B5F4-74CF6FD7950C}" = protocol=17 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{4F1A7B92-46EA-4FF0-BBBB-F9F1E713351A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{534E6F83-5A4F-43BA-8DAD-9824034B83DA}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{580C22C9-1B3E-4F12-9342-445410751032}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\greatorangepumpkin\counterstrike source beta\hl2.exe | 
"{5DB2D3E4-4E40-443F-8ECC-3670A07EE5B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5EEDABE5-88A6-4DD7-9261-8C52EFC2D3AD}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{62093EC2-7C05-48BC-9FC5-86F7570141F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{621468A4-DA02-4473-B116-23F5C798F7F2}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{6C7BDC11-94D2-4698-9DC2-84F13A847B15}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{71A4F15F-325F-4413-9B8D-5F2BD9111739}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71B93224-A44C-4ABF-882F-D58D1736741B}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{733C7611-860D-4A21-865C-E7C320F61196}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{74E9A053-45C2-4E34-8986-611BD66728A1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{753D97E5-9613-4051-9C51-635BBA04F4BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{76ADD84A-BBE9-4024-81E4-A97E6D91070D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{78DB1E7D-FD31-46F3-96FE-D27600B421AF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{78DE991C-C977-4F23-89B2-34B69A3949F7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{7A79B160-E236-45E3-BC11-0EE1D623D450}" = protocol=17 | dir=in | app=c:\program files\crazybump\cb.exe | 
"{7A891340-298C-469F-A6A0-CD88DE952812}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{7AB085A7-EF09-4025-9EF6-E23E654A3362}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7CAFA676-1965-4450-A862-FBA4EF427EBF}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx9.exe | 
"{7D5C55E8-5F87-4888-9E0D-FE158E32E087}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{895A6295-5F9D-4703-895B-98D718007F76}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{8CA19418-36D4-4102-A60E-D57892C7D378}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{8DC69922-8E64-4B40-A526-CE1303DE7D21}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8FD72C0B-A3EF-416C-8B13-29E8C3A054CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9675B920-C96E-4C4B-93FC-9BE8C28602BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B253028-D6CD-47DA-B37C-22BA26BE90F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E60D105-C40B-4FA8-9FFE-037EB68A9D94}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{A27FE085-1783-4F45-8792-5DF11DF7C9CB}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{A2AEA393-66D8-4A8C-B541-5CFF0CB2AFA6}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{A3672725-9F4C-4AA4-A977-F2D2CED7A62C}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{A889F87F-E4B6-499D-BAD7-A1CF9E158B72}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{B1BC381F-3BE9-40D1-A7DC-1150D1F404FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B3072EB0-5F86-4FC0-A4F6-2FE31C1F2D85}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B7B8EE4F-1C18-4645-A9E5-C709A9611593}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\greatorangepumpkin\counterstrike source beta\hl2.exe | 
"{C390A90C-6872-4177-8282-EB1D321564F8}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{C5F49FF0-AA08-4F89-BE1E-2C0F5858263B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{C903C07D-A626-46AF-AD50-3169573BC242}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\greatorangepumpkin\counter-strike source\hl2.exe | 
"{CE179AAE-ED0E-4F76-8CF4-E0AC01B17DF1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. free week end\ruse.exe | 
"{CE27702F-277D-4604-8202-6C4A2ADC27F0}" = protocol=6 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{D375C510-C763-498F-A0D9-615E6118460E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D5830FC4-E903-470F-8BFD-C2347D76A8E1}" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | 
"{DA48EAEE-46A1-442B-A2B0-2F63B29C7F22}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DE07E191-F35E-49D0-9165-4BFF2B022FE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E1B2A82F-2006-4D15-A134-A48B00EDFACD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. free week end\ruse.exe | 
"{E3FA8416-759F-4869-8CD6-3BB5DA2AA03E}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{E48CD998-7674-49E7-BAE8-595B313954F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4AC1CCB-19AB-4E68-9692-02AA0660F40F}" = protocol=6 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe | 
"{E7D4306D-36C1-4EEB-BDE9-B83D35CA580D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{E8D606B0-6761-4AF5-A4A2-679177B7BABF}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{EC526DC9-A250-4BC6-937C-670151D4F656}" = protocol=6 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | 
"{ED7DF7BC-8C9A-4BA0-A174-CE865E9C55AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EEEFC475-4F84-4F22-95EC-D635163E4FF0}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{F7A75C0F-ED4D-4E49-8E0E-22829979A5DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{03353A2A-C820-4C2A-A79D-D11F6B9E56CE}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{03FEF6D3-8878-4249-A3BB-17AAD59BBFE7}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"TCP Query User{040C912A-948A-4159-B8FB-E0E72D9E4BFD}C:\program files\ubisoft\xiii\server\ucc.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\server\ucc.exe | 
"TCP Query User{05AEF57E-14FB-451B-8E64-591555DE0BDF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{10E588BF-8B11-47C6-B113-453DB98235AF}C:\program files\ubisoft\far cry 2\bin\farcry2 (2).exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2 (2).exe | 
"TCP Query User{38921676-379F-467D-A88D-EDE38B8F85BC}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | 
"TCP Query User{38A4206A-5CC5-4707-9885-7A160E9C6278}C:\program files\waterproof\phpedit\3.0.6\phpedit.exe" = protocol=6 | dir=in | app=c:\program files\waterproof\phpedit\3.0.6\phpedit.exe | 
"TCP Query User{4092B0CB-469B-4157-B774-271F547E9791}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{4236F601-9711-40CD-B3DF-EB4D52550455}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4C10F34A-061E-45C8-8770-B666B1BD83C9}C:\program files\activision\modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files\activision\modern warfare 2\iw4sp.exe | 
"TCP Query User{68F07EE9-C628-4CBB-97F5-E2BD9CD0083B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{70651067-25E5-4E97-AFE1-47928C85840F}C:\program files\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"TCP Query User{76D3C075-40FB-48EB-85E6-6B0A633AC32B}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"TCP Query User{77F94918-C5EB-488E-8D25-91998F987C42}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{7C8819DE-9D1F-4731-B6D6-2E634FFF2BD2}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{7EBDB9F0-37EC-4C62-A03A-50046BFC3C97}C:\program files\littlefighter2\lf2_v2.0\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0\lf2.exe | 
"TCP Query User{857F3F73-187E-4B3C-9BDF-F3B74308101A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{86518A37-43CA-426F-8B4A-7209A1F3C8EA}C:\program files\ubisoft\xiii\system\xiiied.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiiied.exe | 
"TCP Query User{94F2ECAB-9993-46A4-A41F-0699D02090D9}C:\program files\steam\steamapps\greatorangepumpkin\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\greatorangepumpkin\source sdk base\hl2.exe | 
"TCP Query User{98A6FAAA-0386-4F97-91E2-7E6EDF5B5F46}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"TCP Query User{9F6A4A25-3514-495D-A8A8-20A351DD57E2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A30D4F2F-AD38-4F07-B1D7-B056906AEE63}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{ADB1056C-C06C-45C2-8A3B-3B52F98190AA}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"TCP Query User{AEEDAB5A-C849-4CC0-B333-EB047759DE86}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{B237D909-B5A7-489A-A9C7-AD9E0370122D}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{B902E576-898F-4754-ACFF-ECB57C263FEA}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{C0E24199-1DDB-4681-8380-AC4508DA34CE}C:\program files\ubisoft\far cry 2\bin\fc2serverlauncher.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2serverlauncher.exe | 
"TCP Query User{CA2244FE-CD48-43B2-B08C-73CE3971F029}C:\program files\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files\dead island\deadislandgame.exe | 
"TCP Query User{D59E9575-DA79-4BAE-B24E-49E45657D9F0}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | 
"TCP Query User{DA2542DB-567A-4CB7-8E68-F1E423A22D43}C:\program files\thq\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\thq\titan quest\titan quest.exe | 
"TCP Query User{E0358601-3F11-4308-B073-E567B2784B6A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{E716029F-9F23-41B7-979B-3FBB8F3FA84A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{EE2988C0-7FA2-4BC0-9171-2B2BC2996F37}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{EFC42CFA-D7F2-4820-9405-25538827ED9D}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{F14FE6AA-0F4D-4F79-8083-CA38D2E0B110}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{F8F8F93C-CAB6-4FCE-A2B1-2DE18E699BB9}C:\users\thomas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{FAFF3A7E-B68E-41B6-983C-C692DD0AD5F3}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"TCP Query User{FCF027CA-AC4E-4516-AC6F-561BD6CB0351}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0825EFB2-B836-4F78-AEDC-E2234F6ECAB9}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{19612F90-B726-4739-8824-180668117DA2}C:\program files\ubisoft\far cry 2\bin\farcry2 (2).exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2 (2).exe | 
"UDP Query User{1DC0C5ED-109E-460C-A0D3-4C2EDEA53B4C}C:\program files\activision\modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files\activision\modern warfare 2\iw4sp.exe | 
"UDP Query User{1EFFD6E1-21BD-424A-B472-75D3AB90AFE9}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{211CB709-A4A7-4047-BFFC-EEAA63263CE7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{21F62BEE-E9FC-4AC8-BA33-70F8E978629A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{23A66D41-FBE8-496A-A6B0-9E65B65E033C}C:\program files\thq\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\thq\titan quest\titan quest.exe | 
"UDP Query User{23ED0BE1-C3FB-41B8-80B1-EB9A9544ABAC}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | 
"UDP Query User{2C2F88E3-FD70-4E68-9AB2-AF0ADD791C9B}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{34D828B4-BAE5-47BF-8829-8974051DC8D7}C:\program files\steam\steamapps\greatorangepumpkin\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\greatorangepumpkin\source sdk base\hl2.exe | 
"UDP Query User{3683668B-9F70-4273-A4A7-12B592607109}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"UDP Query User{368C7D96-D91C-4B30-B89E-C5BFA2BD9766}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{36E53A53-FB39-45FD-88C9-2FE8E92CDC40}C:\program files\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\dead space\dead space.exe | 
"UDP Query User{54AB0996-61BB-4D3F-B3E3-D2864B906E8B}C:\program files\ubisoft\far cry 2\bin\fc2serverlauncher.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2serverlauncher.exe | 
"UDP Query User{5562BEBB-27A4-4C03-88CD-26848863DB57}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{59EF2A76-CD1A-4DAF-BBF0-D9D24ECAD970}C:\program files\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files\dead island\deadislandgame.exe | 
"UDP Query User{5AB0005D-1B22-4F1C-9597-A631618BDFAE}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"UDP Query User{61C95BA0-6139-475B-9934-D78633FB6AD4}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{64AF3DCE-8137-4BB7-8C75-1B06CF6D6070}C:\program files\ubisoft\xiii\system\xiiied.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiiied.exe | 
"UDP Query User{6BF2FBE5-D423-49B5-B130-090BB1B3D172}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{6D99D016-22DB-4741-9407-345503923F2C}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{7B2B2CFD-6243-47EB-A56A-011798E74C33}C:\program files\littlefighter2\lf2_v2.0\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0\lf2.exe | 
"UDP Query User{7C78ACA4-0B72-4E16-9668-6E8A776C949C}C:\program files\waterproof\phpedit\3.0.6\phpedit.exe" = protocol=17 | dir=in | app=c:\program files\waterproof\phpedit\3.0.6\phpedit.exe | 
"UDP Query User{8CB570F2-0EE6-44D4-8584-90B56D127054}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{95297437-F628-42A3-82C4-A2E4CCDA0A6B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{9F50DBBD-4CB3-44AE-96D1-D63C8D641B7B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{A0E5E350-80EB-42F4-A49E-A807364958E8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{A80876ED-6067-4AA1-BA21-38AF2BCB4907}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{A9986198-D839-4E3B-9C27-B196A921235F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{AF41FD59-548D-4F50-A66F-5B0D6C4D1035}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{B1D6AC6B-D352-437E-AF5C-DD0D024E2E29}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | 
"UDP Query User{B428C011-7A85-436B-9C88-63F394D87902}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"UDP Query User{BB43C778-7404-4B73-82C6-5D1B677891E5}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"UDP Query User{D7654C11-A336-4B2F-9D8B-8EDCB23EF904}C:\users\thomas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{E17718C1-B74F-4C48-AFC2-71C78BAE69D7}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"UDP Query User{E6FE0CFF-F53F-433F-94B8-2F2C4567F9AD}C:\program files\ubisoft\xiii\server\ucc.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\server\ucc.exe | 
"UDP Query User{EB0C783F-B774-4477-ABE0-B352AAABB54A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{F0E65B1C-C9A8-4D34-9FB7-C02521031B5C}C:\program files\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\modern warfare 2\iw4mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00D4AA68-1D96-4BB5-AEB6-380AE377D3D9}" = MasterSoft Multi Converter
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{071F3745-E389-4345-86DF-E80B55446FCE}" = RSS-Nachrichten.de - Nachrichtenbox
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Activision(R)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 2.5
"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
"{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Secret Files Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{49105DBD-D2C2-4946-BEA5-81B30EEB11A7}_is1" = Fahrenheit v1.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4F61F885-704C-465A-9FB9-26AEF1D2B2D9}" = Russian Phonetic YaWert - WinRus.com
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5f6460bd-391e-43ce-bcf3-130ef02f8cb2}_is1" = VshareComplete
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FFDE756-69B2-42D5-876A-7F9689B2F815}" = RUNAWAY - A road adventure
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3(TM)
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A19A1CD4-B175-3401-0B4F-D65B9E16C168}" = BBC iPlayer Desktop
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDA6A019-2695-4AE1-88CE-EE7801BD41AA}" = Spider-Man(TM) - Friend or Foe
"{be43e27f-8f7e-455c-8cb9-73dddcd5f340}" = Nero 9 Trial
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CC1F6DA0-21D2-425A-B1B6-5B164A598450}" = SpyHunter
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.15 beta
"A Vampyre Story" = A Vampyre Story
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AdobeReader" = Adobe Reader 8
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Any Video Converter_is1" = Any Video Converter 3.0.4
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.6
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5559
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Baldur's Gate" = Baldur's Gate
"BATMAN VENGEANCE" = BATMAN VENGEANCE
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crazybump" = Crazybump (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DDS Converter 2.1" = DDS Converter 2.1
"Diablo II" = Diablo II
"Drakensang_is1" = Drakensang
"DreamWorks Interactive: Neverhood" = The Neverhood
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDStyler_is1" = DVDStyler v1.7.3
"EADM" = EA Download Manager
"eBay Icon" = eBay Icon
"English Grammar in Use" = English Grammar in Use
"Enhanced XIII Server Launcher_is1" = Enhanced XIII Server Launcher 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flv Audio Extractor_is1" = Flv Audio Extractor 1.04
"FormatFactory" = FormatFactory 2.20
"Free Fire Screensaver" = Free Fire Screensaver
"Free FLV Converter_is1" = Free FLV Converter V 6.7.3
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download version 3.1.24.412
"FreePDF_XP" = FreePDF (Remove only)
"Google Desktop" = Google Desktop
"GoogleDesktop" = GoogleDesktop
"GoogleToolbar" = Google Toolbar
"GPL Ghostscript 9.04" = GPL Ghostscript
"Heart Of Darkness" = Heart Of Darkness
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hospital" = Theme Hospital
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = ???????????? - ????? ??????
"InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
"InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}" = Spider-Man 3 (TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
"InstallShield_{BDA6A019-2695-4AE1-88CE-EE7801BD41AA}" = Spider-Man(TM) - Friend or Foe
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"IrfanView" = IrfanView (remove only)
"LCDTest" = Packard Bell LCD Test
"Lexmark 5400 Series" = Lexmark 5400 Series
"Little Fighter 2" = Little Fighter 2 version 2.0
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"MediaCoder" = MediaCoder 0.7.2.4582
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"Nero8" = Nero 8 Essentials
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OFF2k7_GE" = Microsoft® Office Home and Student 2007
"PeerGuardian_is1" = PeerGuardian 2.0
"PHPEdit" = PHPEdit 3.0.6
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.85
"Rites of War" = Rites of War
"ScummVM_is1" = ScummVM 1.3.1
"Security Task Manager" = Security Task Manager 1.7h
"SETUPMYPC_DE" = SetUp My PC
"Silent Hill HomeComing_is1" = Silent Hill HomeComing v1.0 R-E
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Spider-Man" = Spider-man
"SprayR" = SprayR 1.0 RC7b
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = Hero Editor V1.03
"Steam App 13210" = Unreal Tournament 3
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33310" = R.U.S.E. Free Week End
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 590" = Left 4 Dead 2 Demo
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Theme Park World" = Theme Park World
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"TotalRecorder" = Total Recorder 7.1
"TuneUpMedia" = TuneUp Companion 2.4.4.3
"UltraISO_is1" = UltraISO Premium V9.33
"Updator" = Packard Bell Updator
"VCD Menu Lite_is1" = VCD Menu Lite 2.01
"Veetle TV" = Veetle TV 0.9.18
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VLC media player" = VLC media player 0.9.8a
"vShare plugin" = vShare plugin 1.3
"VTFEdit_is1" = VTFEdit 1.2.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR
"works9" = Microsoft Works 9
"World of Warcraft" = World of Warcraft
"xampp" = XAMPP 1.7.0
"Xfire" = Xfire (remove only)
"XiphQT" = Xiph QuickTime Components
"XMedia Recode" = XMedia Recode 2.1.8.4
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.2.7.1
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2012 08:27:50 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 15.08.2012 08:27:51 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 15.08.2012 08:28:26 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 15.08.2012 08:28:27 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 15.08.2012 09:56:54 | Computer Name = Thomas-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 15.08.2012 09:57:16 | Computer Name = Thomas-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 15.08.2012 09:57:16 | Computer Name = Thomas-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 15.08.2012 10:24:44 | Computer Name = Thomas-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 15.08.2012 10:24:46 | Computer Name = Thomas-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 15.08.2012 10:24:46 | Computer Name = Thomas-PC | Source = LoadPerf | ID = 3011
Description = 
 
[ OSession Events ]
Error - 26.01.2010 14:26:17 | Computer Name = Thomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7449
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 24.08.2010 11:20:57 | Computer Name = Thomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1649
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 13.11.2011 11:45:10 | Computer Name = Thomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.11.2011 11:45:11 | Computer Name = Thomas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.08.2012 09:57:04 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:08 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:08 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:08 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:08 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:12 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:12 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:12 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 15.08.2012 09:57:15 | Computer Name = Thomas-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 15.08.2012 09:57:15 | Computer Name = Thomas-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
[ TuneUp Events ]
Error - 14.08.2012 06:12:12 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-14 12:12:12',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 14.08.2012 08:52:19 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 OR REPLACE INTO StartMenuEntries (ProductID, AnalyzeTime, Outdated, NrOfEntries)
 VALUES ('M32:{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}', '2012-08-14 14:52:17', '0',
 '4')
 
Error - 14.08.2012 08:52:19 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-14 14:52:19',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 14.08.2012 12:14:19 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 OR REPLACE INTO StartMenuEntries (ProductID, AnalyzeTime, Outdated, NrOfEntries)
 VALUES ('M32:{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}', '2012-08-14 18:14:16', '0',
 '4')
 
Error - 14.08.2012 12:14:19 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-14 18:14:19',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 14.08.2012 18:59:48 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-15 00:59:48',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 15.08.2012 04:03:05 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 OR REPLACE INTO StartMenuEntries (ProductID, AnalyzeTime, Outdated, NrOfEntries)
 VALUES ('M32:{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}', '2012-08-15 10:02:59', '0',
 '4')
 
Error - 15.08.2012 04:03:05 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-15 10:03:05',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 15.08.2012 09:00:58 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 OR REPLACE INTO StartMenuEntries (ProductID, AnalyzeTime, Outdated, NrOfEntries)
 VALUES ('M32:{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}', '2012-08-15 15:00:17', '0',
 '4')
 
Error - 15.08.2012 09:01:01 | Computer Name = Thomas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-08-15 15:01:01',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
 
< End of report >
         
The rest will follow...

Alt 15.08.2012, 20:45   #4
dasmann
 
Task Manager cannot be closed, etc.



OTL:

Code:
OTL logfile created on: 15.08.2012 20:40:12 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Thomas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 47,91% Memory free
6,70 Gb Paging File | 5,14 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 584,17 Gb Total Space | 43,65 Gb Free Space | 7,47% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thomas\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\TuneUpMedia\updater\TuneUpUpdater.exe (CatenaLogic)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Expat Shield\bin\hsswd.exe ()
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe File not found
SRV - (ABBYY.Licensing.PDFTransformer.Classic.3.0) -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ExpatWd) -- C:\Program Files\Expat Shield\bin\hsswd.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (asbp2poa) -- C:\Users\Thomas\AppData\Local\Temp\asbp2poa.sys File not found
DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found
DRV - ({09BB444F-B2E2-4009-BAF2-7B727681223E}) -- C:\Program Files\VMLaunch\BuddyVM.sys File not found
DRV - (MpKsl8f479b0d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F8C1D20-C0AA-4DBE-9500-79AEC3D20E4D}\MpKsl8f479b0d.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (HabuFltr) -- C:\Windows\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (StarForce Technologies, Inc.)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (StarForce Technologies, Inc.)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (StarForce Technologies, Inc.)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (StarForce Technologies, Inc.)
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{D9ACAE44-2E69-4897-815B-4E45E6020308}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1108&m=ipower_x9500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 91 A5 A7 EA 57 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {D9ACAE44-2E69-4897-815B-4E45E6020308}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=66016
IE - HKCU\..\SearchScopes\{29A1D8B1-FBF1-4FC1-AF2B-88CC614BEBAA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=abbOnCppetDzZk5mYbalY72EHWo?q={searchTerms}
IE - HKCU\..\SearchScopes\{8B719DDA-46A2-44D5-8033-16996CCA94F4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=1574d12c-5144-454e-995e-6cb4ba01c200&apn_sauid=88DD135E-1113-4FAE-80CD-E3A2419B4BA3&
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{CAEB7592-5192-49C4-AE26-63DAD03BFCE5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{D9ACAE44-2E69-4897-815B-4E45E6020308}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Thomas\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Thomas\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0904230-0-npoctoshape.xpt ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.15 14:19:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.15 14:16:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 14:21:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Thomas\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2009.09.08 16:44:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@easy-hide-ip.com: C:\Program Files\Easy-Hide-IP\ff-extension [2011.05.10 21:34:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.15 14:16:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 14:21:05 | 000,000,000 | ---D | M]
 
[2010.01.09 20:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.01.09 20:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009.10.26 21:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2012.08.11 20:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions
[2011.06.02 17:13:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.04.20 22:50:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.22 17:32:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.12 00:12:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2012.05.22 09:39:48 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions\foxyproxy@eric.h.jung
[2010.05.04 19:12:31 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\r1hpwb9m.default\extensions\illimitux@illimitux.net
[2012.04.20 16:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.10 22:27:46 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.07.18 16:00:43 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.19 19:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012.04.16 10:13:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.15 14:18:31 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.17 16:26:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 16:26:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:26:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:26:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:26:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:26:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.01 15:59:58 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	localhost
O1 - Hosts: ::1 	localhost
O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\Thomas\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm File not found
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28BC6EEA-185B-4818-91FB-174737E0AA93}: NameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01275903-e4b5-11dd-b6e3-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{179a64e0-85cb-11e0-a814-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{179a64e0-85cb-11e0-a814-001c4aff8507}\Shell\AutoRun\command - "" = F:\autorun1.exe
O33 - MountPoints2\{3a04f3fa-1e96-11e1-90a4-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{3a04f3fa-1e96-11e1-90a4-001c4aff8507}\Shell\AutoRun\command - "" = F:\INSTALL.EXE
O33 - MountPoints2\{45ff81f9-4dc8-11de-b431-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{45ff81f9-4dc8-11de-b431-001c4aff8507}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{45ff81f9-4dc8-11de-b431-001c4aff8507}\Shell\setup\command - "" = F:\setup.exe
O33 - MountPoints2\{4bd1f925-bddc-11e0-812c-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{4bd1f925-bddc-11e0-812c-001c4aff8507}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{6ce71508-7e89-11de-b2d7-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{6ce71508-7e89-11de-b2d7-001c4aff8507}\Shell\AutoRun\command - "" = F:\AutoRunLauncher.exe
O33 - MountPoints2\{a796711a-803d-11de-a9b7-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{a796711a-803d-11de-a9b7-001c4aff8507}\Shell\AutoRun\command - "" = L:\AutoRunLauncher.exe
O33 - MountPoints2\{a796711c-803d-11de-a9b7-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{a796711c-803d-11de-a9b7-001c4aff8507}\Shell\AutoRun\command - "" = M:\AutoRunLauncher.exe
O33 - MountPoints2\{a796711e-803d-11de-a9b7-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{a796711e-803d-11de-a9b7-001c4aff8507}\Shell\AutoRun\command - "" = N:\SETUP.EXE
O33 - MountPoints2\{ab7cd5d8-025e-11e1-81f7-001c4aff8507}\Shell - "" = AutoRun
O33 - MountPoints2\{ab7cd5d8-025e-11e1-81f7-001c4aff8507}\Shell\AutoRun\command - "" = G:\steambackup2.EXE
O33 - MountPoints2\{b1c5e911-d76c-11dd-9388-00218505a769}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c5e911-d76c-11dd-9388-00218505a769}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {20CAE069-2588-1837-AFB4-3A8362D4CE85} - Windows Media Player 5.2
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {40C586DC-CB59-663D-7933-CAF108538836} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: AeLookupSvc -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpFolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: a-squared - hkey= - key= -  File not found
MsConfig - StartUpReg: ABBYY Screenshot Reader Bonus - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BGReminderTool - hkey= - key= -  File not found
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= -  File not found
MsConfig - StartUpReg: DownloadAccelerator - hkey= - key= -  File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LXCTCATS - hkey= - key= -  File not found
MsConfig - StartUpReg: lxctmon.exe - hkey= - key= - C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
MsConfig - StartUpReg:  Malwarebytes Anti-Malware  (reboot) - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroRebootSetup - hkey= - key= -  File not found
MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Users\Thomas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - StartUpReg: RssReader - hkey= - key= - C:\Users\Thomas\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig - StartUpReg: SkyMonk - hkey= - key= -  File not found
MsConfig - StartUpReg: SpeedBitVideoAccelerator - hkey= - key= - C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: SSHNAS - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Uninstall_CToolbar - hkey= - key= -  File not found
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: Vidalia - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 15:00:18 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.08.15 15:00:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.08.15 15:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.08.15 14:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.08.15 14:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.08.15 14:18:11 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.08.12 12:38:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\FFOutput
[2012.08.06 22:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.08.06 22:04:48 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.08.06 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\MigWiz
[2012.08.06 17:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Easy Transfer 7
[2012.08.06 17:34:43 | 000,000,000 | ---D | C] -- C:\archive_db
[2012.08.06 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.08.06 17:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012.08.06 17:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.08.06 17:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free
[2012.08.06 17:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2012.08.06 16:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.08.06 16:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012.08.04 10:12:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\MP4
[2012.08.01 17:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.07.27 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\FLV
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Thomas\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Thomas\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Thomas\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Thomas\AppData\Local\bass.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 20:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.15 20:30:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Thomas.job
[2012.08.15 20:30:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie-Thomas.job
[2012.08.15 20:00:15 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.08.15 20:00:07 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 20:00:07 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 19:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 17:30:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.15 16:24:53 | 006,272,624 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.15 16:24:53 | 005,532,930 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.15 16:24:52 | 019,901,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.15 16:24:50 | 006,307,578 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.15 15:00:19 | 000,002,042 | ---- | M] () -- C:\Users\Thomas\Desktop\SpyHunter.lnk
[2012.08.15 14:18:11 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.08.15 14:03:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.15 14:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 17:30:51 | 000,001,735 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.08 00:21:08 | 209,347,993 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.07 15:49:14 | 004,503,728 | ---- | M] () -- C:\ProgramData\rat_0ybba.pad
[2012.08.06 17:06:50 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2012.08.06 16:32:10 | 012,687,385 | ---- | M] () -- C:\Users\Thomas\Documents\Firefox 14.0.1 (de) - 2012-08-06.pcv
[2012.08.06 16:31:05 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.08.06 10:09:59 | 000,185,344 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.01 17:49:13 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.08.01 17:13:53 | 000,001,899 | ---- | M] () -- C:\Users\Thomas\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.08.01 17:13:53 | 000,001,828 | ---- | M] () -- C:\Users\Thomas\Desktop\Avira DE-Cleaner.lnk
[2012.08.01 17:11:30 | 000,002,199 | ---- | M] () -- C:\Users\Thomas\Desktop\Steam.lnk
[2012.08.01 17:11:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 10:55:29 | 000,069,670 | ---- | M] () -- C:\Users\Thomas\Documents\default
[2012.07.24 15:26:13 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad
[2012.07.23 19:00:20 | 002,329,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.19 18:06:00 | 000,064,930 | ---- | M] () -- C:\Users\Thomas\Desktop\Polar Music Prize.jpg
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.15 15:00:19 | 000,002,042 | ---- | C] () -- C:\Users\Thomas\Desktop\SpyHunter.lnk
[2012.08.14 17:30:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.14 17:30:51 | 000,001,735 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.08 00:21:08 | 209,347,993 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.06 17:46:23 | 000,001,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Easy Transfer 7.lnk
[2012.08.06 17:06:50 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk
[2012.08.06 16:31:57 | 012,687,385 | ---- | C] () -- C:\Users\Thomas\Documents\Firefox 14.0.1 (de) - 2012-08-06.pcv
[2012.08.06 16:31:05 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.08.06 12:03:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012.08.01 17:49:13 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.08.01 17:40:19 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.08.01 17:13:53 | 000,001,899 | ---- | C] () -- C:\Users\Thomas\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.08.01 17:13:53 | 000,001,828 | ---- | C] () -- C:\Users\Thomas\Desktop\Avira DE-Cleaner.lnk
[2012.08.01 11:41:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.01 10:55:29 | 000,069,670 | ---- | C] () -- C:\Users\Thomas\Documents\default
[2012.07.23 11:35:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.07.19 18:05:59 | 000,064,930 | ---- | C] () -- C:\Users\Thomas\Desktop\Polar Music Prize.jpg
[2012.06.12 11:08:13 | 000,002,141 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel
[2012.05.22 21:06:02 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.04.18 23:32:46 | 000,004,796 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2012.03.27 13:12:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.03.27 13:12:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.12.10 22:54:52 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\{3285F61D-AEB1-4C1D-AFB2-0FEFFF0EE10B}
[2011.12.05 23:36:38 | 000,000,791 | ---- | C] () -- C:\Windows\Spidey.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.10.01 16:40:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010.06.02 16:38:09 | 000,000,007 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\{7403974B-D721-4DE1-8050-BCC638ACDD63}.dll
[2010.05.28 14:30:48 | 000,017,408 | ---- | C] () -- C:\Users\Thomas\AppData\Local\WebpageIcons.db
[2010.02.15 22:49:51 | 000,009,675 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2009.08.10 21:30:30 | 000,001,471 | ---- | C] () -- C:\Users\Thomas\AppData\Local\RecConfig.xml
[2009.08.04 09:18:07 | 000,000,149 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\default.rss
[2009.07.19 21:23:14 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq
[2008.12.25 19:47:47 | 000,000,552 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d8caps.dat
[2008.12.10 16:15:30 | 000,000,680 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2008.12.10 14:44:37 | 000,022,328 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
[2008.12.05 21:19:18 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\wklnhst.dat
[2008.12.05 20:42:27 | 000,185,344 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Thomas\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Thomas\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Thomas\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Thomas\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Thomas\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2011.04.09 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\.minecraft
[2012.03.30 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\5400 Series
[2009.08.26 16:32:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Activision
[2010.03.30 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AnvSoft
[2012.06.25 16:25:31 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Babylon
[2011.05.10 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010.01.09 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BitDefender
[2009.10.26 21:05:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Broad Intelligence
[2008.12.07 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Broken Sword 2.5
[2009.01.02 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canneverbe_Limited
[2009.06.04 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\concept design
[2009.01.17 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools
[2012.01.07 20:24:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
[2009.01.17 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Pro
[2009.10.26 21:05:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Desktopicon
[2009.04.26 15:17:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DNA
[2010.06.04 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DonationCoder
[2012.02.12 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012.04.20 22:51:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
[2012.04.20 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.05 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FileZilla
[2009.10.26 21:21:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreeFLVConverter
[2012.03.27 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreePDF
[2010.08.31 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreeVideoConverter
[2009.01.02 18:07:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\GameHouse
[2009.05.11 16:12:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Games
[2012.06.12 11:08:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gtk-2.0
[2011.04.09 22:27:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICQ
[2009.02.01 17:56:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IMVU
[2009.05.23 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IMVUClient
[2009.02.09 14:30:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Inkscape
[2008.12.05 20:58:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InterTrust
[2009.05.17 16:38:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Laconic Software
[2009.08.08 16:40:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
[2010.07.17 14:48:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LolClient
[2010.01.29 18:13:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.11.16 15:56:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LucasArts
[2009.04.03 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MilkShape 3D 1.x.x
[2012.08.14 12:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mp3tag
[2012.03.20 22:41:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++
[2009.05.02 19:50:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Octoshape
[2012.05.21 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenCandy
[2009.08.26 18:18:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2009.02.09 14:21:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Opera
[2009.12.19 16:26:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Packard Bell
[2009.12.28 19:17:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Participatory Culture Foundation
[2009.06.05 17:30:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Qlikworld
[2009.06.14 13:21:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\rockbox.org
[2010.04.12 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Screaming Bee
[2009.05.21 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ScreenSeven
[2011.11.11 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ScummVM
[2012.01.17 12:18:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SkyMonk
[2009.08.04 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SPORE
[2008.12.05 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Template
[2009.08.10 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TotalRecorder
[2009.01.10 14:31:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUp Software
[2012.06.14 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUpMedia
[2010.01.27 16:44:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Ubisoft
[2009.11.01 16:21:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Uniblue
[2012.08.15 14:04:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\uTorrent
[2012.01.28 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\VshareComplete
[2009.03.13 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WaterProof
[2009.04.15 11:15:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Xilisoft Corporation
[2012.04.12 11:14:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\YCanPDF
[2012.08.15 20:00:15 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.08.15 20:30:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie-Thomas.job
[2012.08.15 20:30:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-Thomas.job
[2012.08.15 13:50:09 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.27 15:00:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE7E33E3-7DE1-4EBE-AB3C-90FA3BC025B5}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2008.12.31 22:48:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.06 17:34:43 | 000,000,000 | ---D | M] -- C:\archive_db
[2012.01.05 21:39:01 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.02 16:42:16 | 000,000,000 | ---D | M] -- C:\Cambridge
[2009.04.18 19:44:01 | 000,000,000 | ---D | M] -- C:\desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.12.05 20:16:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.01.04 19:02:57 | 000,000,000 | ---D | M] -- C:\drivers
[2010.08.19 19:54:10 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.05.10 22:27:47 | 000,000,000 | ---D | M] -- C:\Expat Shield
[2010.03.06 19:37:30 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.10.12 19:20:56 | 000,000,000 | ---D | M] -- C:\Games
[2009.04.14 11:13:52 | 000,000,000 | ---D | M] -- C:\HammerAutosave
[2010.10.03 21:31:45 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2011.10.25 17:31:51 | 000,000,000 | ---D | M] -- C:\karensoft
[2008.11.15 11:55:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.05.23 09:46:35 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.04.12 11:14:40 | 000,000,000 | ---D | M] -- C:\output
[2012.04.12 11:04:34 | 000,000,000 | ---D | M] -- C:\PDF
[2008.12.22 19:22:27 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009.02.01 18:14:07 | 000,000,000 | ---D | M] -- C:\Perl
[2012.08.15 15:00:16 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.08.14 17:30:51 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.12.05 20:16:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.04.27 19:26:01 | 000,000,000 | ---D | M] -- C:\Restoration
[2009.12.11 18:07:01 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.08.15 15:00:46 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2012.02.21 22:36:46 | 000,000,000 | ---D | M] -- C:\Sierra
[2012.04.23 15:17:31 | 000,000,000 | ---D | M] -- C:\sound
[2011.11.16 00:23:32 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.08.15 20:45:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.27 12:52:16 | 000,000,000 | ---D | M] -- C:\temp
[2012.04.12 11:14:40 | 000,000,000 | ---D | M] -- C:\tmp
[2012.05.23 10:28:14 | 000,000,000 | R--D | M] -- C:\Users
[2009.10.18 13:15:36 | 000,000,000 | ---D | M] -- C:\VideoOutput
[2012.08.15 14:58:19 | 000,000,000 | ---D | M] -- C:\Windows
[2010.08.10 19:34:57 | 000,000,000 | ---D | M] -- C:\xampp
[2011.07.29 19:53:39 | 000,000,000 | ---D | M] -- C:\Z
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2007.01.18 21:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\Thomas\AppData\Local\No23 Recorder.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.09.03 15:17:20 | 000,028,797 | R--- | M] () MD5=258ED9A1CCD8102C3236DD97354C51EC -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.06.07 03:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D05F6E26AC960474494356FE703D61BE -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sata_ide\nvstor32.sys
[2008.06.07 03:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D05F6E26AC960474494356FE703D61BE -- C:\Windows\System32\drivers\nvstor32.sys
[2008.06.07 03:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D05F6E26AC960474494356FE703D61BE -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_2ced8b81\nvstor32.sys
[2008.06.07 03:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\drivers\MOBO\CHIPSET\IDE\WinVista\sataraid\nvstor32.sys
[2008.06.07 03:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=D7B213299852D2026DBC90DAB77EF06C -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_52f8ebc7\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.12.04 14:44:25 | 000,428,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.06.12 11:08:13 | 000,002,141 | ---- | M] () -- C:\Users\Thomas\.recently-used.xbel
[2012.08.15 21:03:12 | 023,592,960 | ---- | M] () -- C:\Users\Thomas\ntuser.dat
[2012.08.15 21:03:12 | 000,262,144 | -H-- | M] () -- C:\Users\Thomas\ntuser.dat.LOG1
[2008.12.05 20:20:09 | 000,000,000 | -H-- | M] () -- C:\Users\Thomas\ntuser.dat.LOG2
[2009.02.03 16:58:07 | 002,097,152 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat_previous
[2010.07.20 16:57:59 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{0e0a132a-cabd-11de-8e0f-001c4aff8507}.TM.blf
[2010.07.20 16:57:59 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{0e0a132a-cabd-11de-8e0f-001c4aff8507}.TMContainer00000000000000000001.regtrans-ms
[2009.11.06 16:59:55 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{0e0a132a-cabd-11de-8e0f-001c4aff8507}.TMContainer00000000000000000002.regtrans-ms
[2012.08.15 14:02:29 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{2356a0d6-37a0-11e1-8fa0-001c4aff8507}.TM.blf
[2012.08.01 23:52:51 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{2356a0d6-37a0-11e1-8fa0-001c4aff8507}.TMContainer00000000000000000001.regtrans-ms
[2012.08.15 14:02:29 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{2356a0d6-37a0-11e1-8fa0-001c4aff8507}.TMContainer00000000000000000002.regtrans-ms
[2009.11.06 15:16:11 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.11.06 15:16:11 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.12.05 22:25:19 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.01.05 21:39:08 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{9fe90c8c-940d-11df-9934-001c4aff8507}.TM.blf
[2011.11.10 17:29:23 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{9fe90c8c-940d-11df-9934-001c4aff8507}.TMContainer00000000000000000001.regtrans-ms
[2012.01.05 21:39:08 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{9fe90c8c-940d-11df-9934-001c4aff8507}.TMContainer00000000000000000002.regtrans-ms
[2008.12.05 20:20:09 | 000,000,020 | -HS- | M] () -- C:\Users\Thomas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
Regards

15.08.2012, 21:23   #5
markusg
/// Malware-holic
 

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

16.08.2012, 12:10   #6
dasmann
 

Good day,

here is the log file:

Code:
ComboFix 12-08-16.01 - Thomas 16.08.2012  12:35:12.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.1915 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\BarLcher.dll
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vShareBar.dll
c:\program files\StartSearch plugin\vshareplg.crx
c:\programdata\ism_0_llatsni.pad
c:\programdata\piz_0ef.pad
c:\programdata\ras_0oed.pad
c:\programdata\rat_0ybba.pad
c:\programdata\SPLA18F.tmp
c:\users\Thomas\AppData\Local\lame_enc.dll
c:\users\Thomas\AppData\Local\no23xwrapper.dll
c:\users\Thomas\AppData\Local\ogg.dll
c:\users\Thomas\AppData\Local\vorbis.dll
c:\users\Thomas\AppData\Local\vorbisenc.dll
c:\users\Thomas\AppData\Local\vorbisfile.dll
c:\users\Thomas\AppData\Roaming\{7403974B-D721-4DE1-8050-BCC638ACDD63}.dll
c:\users\Thomas\AppData\Roaming\Desktopicon
c:\users\Thomas\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Thomas\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-16 bis 2012-08-16  ))))))))))))))))))))))))))))))
.
.
2072-04-03 11:13 . 2008-03-21 12:46	607296	------w-	c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2071-07-25 07:13 . 2006-11-21 18:48	203576	------w-	c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-08-16 10:48 . 2012-08-16 10:48	--------	d-----w-	c:\users\Thomas\AppData\Local\temp
2012-08-16 10:48 . 2012-08-16 10:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-16 08:23 . 2012-08-16 08:23	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F8C1D20-C0AA-4DBE-9500-79AEC3D20E4D}\offreg.dll
2012-08-15 13:00 . 2012-08-15 13:00	110080	----a-r-	c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-08-15 13:00 . 2012-08-15 13:00	110080	----a-r-	c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-08-15 13:00 . 2012-08-15 13:00	110080	----a-r-	c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-08-15 13:00 . 2012-08-15 13:00	--------	d-----w-	C:\sh4ldr
2012-08-15 13:00 . 2012-08-15 13:00	--------	d-----w-	c:\program files\Enigma Software Group
2012-08-15 12:58 . 2012-08-15 13:00	--------	d-----w-	c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-15 12:21 . 2012-08-15 12:21	11776	----a-w-	c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-08-15 12:20 . 2012-08-15 12:20	--------	d-----w-	c:\program files\Common Files\xing shared
2012-08-15 12:19 . 2012-08-15 12:19	150736	----a-w-	c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-08-15 12:18 . 2012-08-15 12:18	129176	----a-w-	c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-15 12:11 . 2012-06-28 23:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F8C1D20-C0AA-4DBE-9500-79AEC3D20E4D}\mpengine.dll
2012-08-14 08:27 . 2012-06-28 23:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-06 20:13 . 2012-08-06 20:13	--------	d-----w-	c:\windows\system32\config\systemprofile\{686eeaaa-2eb7-40c9-9395-dfde7d994fa8}
2012-08-06 20:05 . 2012-08-06 20:05	--------	d-----w-	c:\program files\Realtek
2012-08-06 20:05 . 2012-08-06 20:13	319456	----a-w-	c:\windows\DIFxAPI.dll
2012-08-06 20:04 . 2012-08-06 20:15	--------	d--h--w-	c:\program files\Temp
2012-08-06 20:04 . 2012-05-25 16:06	1706640	----a-w-	c:\windows\RtlExUpd.dll
2012-08-06 15:51 . 2012-08-06 16:02	--------	dc----w-	c:\users\Thomas\AppData\Local\MigWiz
2012-08-06 15:46 . 2012-08-06 15:46	--------	d-----w-	c:\program files\Windows Easy Transfer 7
2012-08-06 15:34 . 2012-08-06 15:34	--------	d-----w-	C:\archive_db
2012-08-06 15:23 . 2012-08-06 15:23	--------	d-----w-	c:\programdata\backup
2012-08-06 15:22 . 2012-08-06 15:22	--------	d-----w-	c:\programdata\explauncher
2012-08-06 15:22 . 2012-08-06 15:22	--------	d-----w-	c:\programdata\launcher
2012-08-06 15:04 . 2012-08-06 15:04	--------	d-----w-	c:\program files\Paragon Software
2012-08-06 14:31 . 2012-08-06 14:31	--------	d-----w-	c:\program files\MozBackup
2012-08-01 15:48 . 2012-08-01 15:48	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC1DC2A-B311-4B24-82CD-66409A6CB93C}\gapaengine.dll
2012-08-01 15:38 . 2012-08-01 15:40	--------	d-----w-	c:\program files\Microsoft Security Client
2012-08-01 15:38 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-01 15:16 . 2012-08-01 15:16	8281168	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-07-23 15:46 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 15:57 . 2012-04-03 18:45	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-15 15:57 . 2011-06-29 14:11	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 15:57 . 2012-05-04 18:57	9826504	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2012-08-15 12:17 . 2003-03-18 18:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-08-15 12:17 . 2003-02-21 02:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-06-05 16:47 . 2012-07-11 08:32	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 08:32	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 08:32	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 08:13	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:13	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:12	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:12	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 08:13	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 08:13	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 08:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 08:12	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 08:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 08:32	278528	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 08:32	204288	----a-w-	c:\windows\system32\ncrypt.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-07 10:01 . 2009-09-07 10:02	251392	----a-w-	c:\program files\opera\program\plugins\dapop.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
2012-07-18 14:00 . 2012-04-20 14:43	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-19 17:59 . 2010-01-09 18:40	47104	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
2010-09-28 10:13 . 2010-01-06 17:18	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2011-04-06 20:49	232696	----a-w-	c:\program files\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20	1515688	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-28 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-15 296096]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-08-23 20:20	887976	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-09-24 17:54	1786168	----a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17	3514176	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55	3338240	----a-w-	c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2011-02-23 20:19	371200	----a-w-	c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-28 10:13	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
2006-11-21 12:27	106496	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-11-22 09:11	291760	----a-w-	c:\program files\Lexmark 5400 Series\lxctmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44	70936	----a-w-	c:\users\Thomas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-11-03 09:20	220744	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35	305064	----a-w-	c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
2008-10-02 12:55	3067904	----a-w-	c:\users\Thomas\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2010-06-02 19:38	1607272	----a-w-	c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-10-12 20:24	2000112	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-06-07 13:32	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-15 10:03	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-15 12:17	296096	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-22 15:57	399736	----a-w-	c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam"="c:\program files\Steam\Steam.exe" -silent
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" /AUTO
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" /s
"Habu"=c:\program files\Razer\Habu\razerhid.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLC0979CBE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-16 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:57]
.
2012-08-16 c:\windows\Tasks\Erweiterte Garantie-Thomas.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-11-15 10:13]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 12:35]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 12:35]
.
2012-08-16 c:\windows\Tasks\Recovery DVD Creator-Thomas.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-11-15 10:13]
.
2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{EE7E33E3-7DE1-4EBE-AB3C-90FA3BC025B5}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507
mStart Page = hxxp://startsear.ch/?aff=1&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Free YouTube Download - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Save YouTube Video as MP3
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
TCP: Interfaces\{28BC6EEA-185B-4818-91FB-174737E0AA93}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\r1hpwb9m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-a-squared - c:\program files\a-squared Anti-Malware\a2guard.exe
MSConfigStartUp-ABBYY Screenshot Reader Bonus - c:\program files\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
MSConfigStartUp-BGReminderTool - c:\program files\Dr.Kawashima\ReminderTool\BGReminder.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-DownloadAccelerator - c:\program files\DAP\DAP.EXE
MSConfigStartUp-ICQ - ~c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp- Malwarebytes Anti-Malware  (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-NeroRebootSetup - c:\users\Thomas\AppData\Local\Temp\nro.tmp\SetupX.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
MSConfigStartUp-SkyMonk - c:\program files\SkyMonk\SkyMonk.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SSHNAS - c:\windows\system32\sshnas.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Uninstall_CToolbar - c:\windows\Temp\CTun.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-eBay Icon - c:\users\Thomas\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-Theme Park World - c:\windows\IsUn0407.exe
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-BitTorrent DNA - c:\users\Thomas\Program Files\DNA\btdna.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Thomas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-16 12:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
.
c:\users\Thomas\AppData\Roaming\Dropbox\shellext\l\502cd118 124 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3114217596-2929422331-3151722266-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C068CFDE-03EC-ED4C-0227-9AFCEC2ED8E4}*]
"iackcliibgjjpegcgh"=hex:6b,61,6d,6c,68,6c,6e,6a,67,62,6f,6b,6f,65,70,66,67,62,
   66,6b,67,6a,00,00
.
[HKEY_USERS\S-1-5-21-3114217596-2929422331-3151722266-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,94,bc,9e,3d,d6,99,bc,59,03,a3,cf,95,78,f1,fa,1c,93,e1,cd,74,71,d4,
   03,51,9c,e1,f7,82,91,a6,9e,bf,83,93,36,a4,32,4d,f6,f6,5b,7f,a6,a7,46,93,7b,\
"??"=hex:03,8a,83,e1,1c,dc,f6,85,73,4c,87,71,0f,94,93,e0
.
[HKEY_USERS\S-1-5-21-3114217596-2929422331-3151722266-1000\Software\SecuROM\License information*]
"datasecu"=hex:7d,fb,4d,44,9f,19,a6,2f,9b,3d,e6,be,c2,3e,5a,fc,91,ac,63,89,7b,
   a6,2b,3d,32,d9,0f,e6,b8,32,99,13,07,18,1c,f3,1d,65,90,44,96,9f,30,89,62,3a,\
"rkeysecu"=hex:10,09,2d,07,56,c3,9e,16,45,e2,c0,7c,f5,6e,84,32
.
[HKEY_USERS\S-1-5-21-3114217596-2929422331-3151722266-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(608)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
- - - - - - - > 'Explorer.exe'(4664)
c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2012-08-16  12:58:03
ComboFix-quarantined-files.txt  2012-08-16 10:57
.
Vor Suchlauf: 31 Verzeichnis(se), 49.095.077.888 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 54.845.853.696 Bytes frei
.
- - End Of File - - 3C4A0A3F4A589BF2D76F12783D142B4E
         
Regards

PS: The Task Manager seems to be working now; whether it stays that way is uncertain...

16.08.2012, 13:06   #7
markusg
/// Malware-holic

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

16.08.2012, 13:56   #8
dasmann

Hello,

I am not getting any logs, and after the scan there is no notice that I need to restart. Am I doing something wrong? 16 threats were picked up, but all of them are only suspicious. Regards.

16.08.2012, 16:04   #9
markusg
/// Malware-holic

The log is on c:
as tdsskiller-date-version.txt

16.08.2012, 16:22   #10
dasmann

Hello,

thanks for the hint. I have attached the log as a zip archive.

Regards

16.08.2012, 17:48   #11
markusg
/// Malware-holic

OK

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click on Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click on Show Results.
  • Make sure that all detections are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

17.08.2012, 02:27   #12
dasmann

Hello,

here is the log file:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Thomas :: THOMAS-PC [Administrator]

Schutz: Deaktiviert

16.08.2012 22:21:33
mbam-log-2012-08-16 (22-21-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 679775
Laufzeit: 5 Stunde(n), 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=506d6ac2-4993-11e1-bcbd-001c4aff8507) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Regards.

20.08.2012, 11:27   #13
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.21.1767
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as a txt file, and open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.
