Google Redirect Virus

Fabs123 · 04.10.2012, 17:11

Liebe Leute,

seit ein paar Tagen werde ich nach anklicken eines Ergebnisses der google Suche häufig auf völlig fremde Seiten umgelenkt. Dazu ist der Windows-Sicherheitscenter deaktiviert und lässt sich auch nicht wieder aktivieren.

Nach einigen Recherchen bin ich auf den google redirect Virus gestoßen, der ähnliche Symptome verursacht. Allerdings tritt das Problem auch bei Yahoo Suchen auf. Im Rahmen mehrerer Viren und Spyware Scans (SuperAntispyware, Spybot, Avira Antivir, Malwarebytes) habe ich einen Trojaner löschen können. Zurzeit findet keines der Programme Trojaner oder Viren auf meinem Rechner. Das Problem tritt aber unverändert auf.

Ich bin mit meinem Latein am Ende, kann mir jemand sagen, wie ich den Mist wieder los werde?

Viele Dank und Grüße, Fabs

markusg · 04.10.2012, 17:59

hi
was hast du womit gelöscht? ich benötige den dazugehörenen bericht.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Fabs123 · 04.10.2012, 20:39

Danke für die schnelle Antwort. Unten die Ergebnisse:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10/4/2012 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Fabian\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.89% Memory free
5.93 Gb Paging File | 4.55 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.26 Gb Total Space | 23.66 Gb Free Space | 38.01% Space Free | Partition Type: NTFS
Drive D: | 220.73 Gb Total Space | 154.68 Gb Free Space | 70.07% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/04 21:08:11 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
PRC - [2012/09/07 09:38:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/07/04 08:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/07/04 08:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/06/14 17:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/03 11:51:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 16:21:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 12:05:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/29 15:26:48 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/07/29 15:26:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/09/12 14:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Program Files\maxdome\DCBin\DCService.exe
PRC - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/07 09:38:58 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/04 01:16:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/06/15 06:43:15 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
MOD - [2012/06/15 06:39:23 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/06/15 06:38:55 | 014,325,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012/06/15 06:38:04 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/15 06:37:40 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/15 06:37:15 | 012,218,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012/05/10 14:15:40 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
MOD - [2012/05/10 14:11:51 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 14:11:27 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 14:10:21 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/10 14:10:10 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/10 14:10:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/10 14:10:04 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 14:09:13 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/09/17 16:19:02 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009/09/17 16:18:50 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/09/17 16:18:48 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/09/17 16:18:48 | 000,208,896 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/09/21 08:04:10 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 09:38:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/04 08:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/14 17:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/03/09 23:48:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/03 11:51:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 16:21:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/29 15:26:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/07/29 15:25:00 | 000,952,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/07/29 15:24:28 | 000,483,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2009/09/28 10:22:00 | 000,364,544 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/05/01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | System | Stopped] -- C:\windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2012/10/04 11:15:38 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [File_System | Boot | Unknown] -- C:\Windows\System32\drivers\10759133.sys -- (76718129)
DRV - [2012/10/02 16:15:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/10/02 16:15:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/07/04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/07/04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/04 07:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/12/13 04:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/03 11:51:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/03 11:51:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/12 11:46:00 | 000,013,824 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPub4DE3.sys -- (HPub4DE3)
DRV - [2011/03/09 10:44:52 | 000,020,992 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HPMo4DE3.sys -- (HPMo4DE3)
DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/08/18 13:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/18 13:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/08/18 13:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/08/10 20:43:34 | 000,237,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326)
DRV - [2009/07/22 00:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2005/12/01 11:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drhard.sys -- (drhard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=201208_mnt_n_3512_6&babsrc=SP_ss&mntrId=6c6e06ca0000000000002226b652b377
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=&src=crm&q={searchTerms}&locale=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: playbox@toolbar:1.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=6c6e06ca0000000000002226b652b377&tlver=1.6.9.12&instlRef=sst&babTrack&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/23 23:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 09:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/15 11:36:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/12 07:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/08/23 20:29:24 | 000,000,000 | ---D | M]
 
[2010/01/23 22:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2010/01/23 22:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/02 11:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\z5jnz8ao.default\extensions
[2010/03/21 16:32:37 | 000,002,253 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\z5jnz8ao.default\searchplugins\askcom.xml
[2012/09/07 09:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/09/07 09:38:58 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/11 16:40:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/26 07:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/28 11:15:19 | 000,002,362 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 19:15:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 07:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/26 07:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/26 07:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/26 07:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/07/24 09:53:02 | 000,414,842 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	å…¨è®¯ç½‘,åšå½©ä¼˜æƒ*,çš‡å†*æ*£ç½‘cr67com,çš‡å†*æ¯”åˆ†,çš‡å†*å³æ—¶æŒ‡æ•°,å¤ªé˜³åŸŽä»£ç†112scg,ttå¨±ä¹åŸŽ8bc8,ç½‘ä¸ŠçœŸé’±å¨±
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	²©²ÊÍ¨,²©²ÊÍø,½ð±¦²©188,²©²ÊÍ¨ÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14322 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [X-Lite] C:\Program Files\CounterPath\X-Lite\X-Lite.exe (CounterPath)
O4 - HKLM..\RunOnce: [5193EBE7-9D95-4EFE-A619-673799DEB089] C:\windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CCAF921-CEF7-4DAF-8C20-CB6663161137}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1621fb38-8cf6-11e0-a4f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1621fb38-8cf6-11e0-a4f7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a416ea0c-9555-11df-a024-d0ba6f5a203a}\Shell - "" = AutoRun
O33 - MountPoints2\{a416ea0c-9555-11df-a024-d0ba6f5a203a}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^maxdome Download Manager.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Fabian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/04 21:07:53 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012/10/04 11:15:38 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\10759133.sys
[2012/10/04 11:15:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/03 17:27:50 | 000,020,992 | ---- | C] (TPMX Electronics Ltd.) -- C:\windows\System32\drivers\HPMo4DE3.sys
[2012/10/03 17:27:50 | 000,013,824 | ---- | C] (TPMX Electronics Ltd.) -- C:\windows\System32\drivers\HPub4DE3.sys
[2012/10/03 13:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/03 13:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/03 11:44:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2012/10/03 11:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/03 11:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/03 11:44:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/10/03 11:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/02 16:17:11 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/02 16:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2012/10/02 16:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012/10/02 07:36:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/02 07:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/02 07:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/02 07:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/01 19:47:15 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Electronic Arts
[2012/10/01 19:46:51 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2012/10/01 19:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/10/01 19:36:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Electronic Arts
[2012/10/01 19:08:51 | 000,000,000 | ---D | C] -- C:\temp
[2012/10/01 19:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sport
[2012/10/01 15:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/10/01 15:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/10/01 15:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/10/01 15:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/10/01 15:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/09/19 09:10:39 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Research In Motion
[2012/09/07 09:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/23 02:59:40 | 002,495,080 | ---- | C] (Amazon.com) -- C:\Program Files\AmazonMP3Downloader.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/04 21:08:11 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012/10/04 21:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/04 20:38:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 17:38:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 15:36:00 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 13252aca-bcae-4632-b44e-34dc74b29344.job
[2012/10/04 11:15:38 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\System32\drivers\10759133.sys
[2012/10/04 07:21:19 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 07:21:19 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 07:11:30 | 000,000,312 | ---- | M] () -- C:\windows\tasks\mcfoiau.job
[2012/10/04 07:11:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/04 07:11:20 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 17:27:53 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_HPub4DE3_01009.Wdf
[2012/10/03 15:39:40 | 000,424,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/10/03 14:00:50 | 000,340,668 | ---- | M] () -- C:\Users\Fabian\Desktop\cc_20121003_140028.reg
[2012/10/03 13:25:01 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/03 13:11:44 | 000,001,216 | ---- | M] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk
[2012/10/03 11:44:37 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/02 16:15:32 | 000,281,760 | ---- | M] () -- C:\windows\System32\drivers\atksgt.sys
[2012/10/02 16:15:32 | 000,025,888 | ---- | M] () -- C:\windows\System32\drivers\lirsgt.sys
[2012/10/02 16:15:02 | 000,000,751 | ---- | M] () -- C:\Users\Fabian\Desktop\Call of Duty® 2 - SinglePlayer.lnk
[2012/10/02 16:15:02 | 000,000,751 | ---- | M] () -- C:\Users\Fabian\Desktop\Call of Duty® 2 - MultiPlayer.lnk
[2012/10/02 08:34:14 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task f31966fe-d7c4-4c9d-8878-6ce625e9df77.job
[2012/10/02 07:36:30 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/01 19:46:51 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\System32\CmdLineExt.dll
[2012/10/01 19:42:59 | 000,001,468 | ---- | M] () -- C:\Users\Public\Desktop\Dead Space™.lnk
[2012/10/01 07:22:09 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/10/01 07:22:09 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/10/01 07:22:09 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/10/01 07:22:09 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/30 15:50:23 | 000,114,688 | RHS- | M] () -- C:\windows\System32\tcpmibv.dll
[2012/09/27 10:52:37 | 000,108,886 | ---- | M] () -- C:\Users\Fabian\Desktop\Max_Weber___Die__Objektivit_t__sozialwissenschaftlicher_und_sozialpolitischer_Erkenntnis_.pdf
[2012/09/19 09:10:10 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2012/09/13 22:45:54 | 000,264,374 | ---- | M] () -- C:\Users\Fabian\Desktop\urwahlinfo2.pdf
[2012/09/09 12:22:20 | 000,464,798 | ---- | M] () -- C:\Users\Fabian\Desktop\TwoDoorCinemaClub23.11.pdf
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/10/03 17:27:53 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_HPub4DE3_01009.Wdf
[2012/10/03 15:39:26 | 000,424,320 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2012/10/03 14:00:36 | 000,340,668 | ---- | C] () -- C:\Users\Fabian\Desktop\cc_20121003_140028.reg
[2012/10/03 13:25:01 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/03 13:11:44 | 000,001,216 | ---- | C] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk
[2012/10/03 11:44:37 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/10/02 16:15:32 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2012/10/02 16:15:32 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2012/10/02 16:15:02 | 000,000,751 | ---- | C] () -- C:\Users\Fabian\Desktop\Call of Duty® 2 - SinglePlayer.lnk
[2012/10/02 16:15:02 | 000,000,751 | ---- | C] () -- C:\Users\Fabian\Desktop\Call of Duty® 2 - MultiPlayer.lnk
[2012/10/02 07:36:49 | 000,000,512 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 13252aca-bcae-4632-b44e-34dc74b29344.job
[2012/10/02 07:36:48 | 000,000,512 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task f31966fe-d7c4-4c9d-8878-6ce625e9df77.job
[2012/10/02 07:36:30 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/01 19:42:59 | 000,001,468 | ---- | C] () -- C:\Users\Public\Desktop\Dead Space™.lnk
[2012/09/30 15:50:23 | 000,114,688 | RHS- | C] () -- C:\windows\System32\tcpmibv.dll
[2012/09/30 15:50:23 | 000,000,312 | ---- | C] () -- C:\windows\tasks\mcfoiau.job
[2012/09/27 10:52:37 | 000,108,886 | ---- | C] () -- C:\Users\Fabian\Desktop\Max_Weber___Die__Objektivit_t__sozialwissenschaftlicher_und_sozialpolitischer_Erkenntnis_.pdf
[2012/09/19 09:10:10 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2012/09/13 22:45:53 | 000,264,374 | ---- | C] () -- C:\Users\Fabian\Desktop\urwahlinfo2.pdf
[2012/09/09 12:22:19 | 000,464,798 | ---- | C] () -- C:\Users\Fabian\Desktop\TwoDoorCinemaClub23.11.pdf
[2012/08/01 17:32:07 | 000,000,028 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\PhonerLitesettings.ini
[2012/07/21 20:10:29 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2012/07/21 20:10:29 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2012/07/21 20:10:29 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll
[2012/07/21 20:10:28 | 000,178,688 | ---- | C] () -- C:\windows\System32\unrar.dll
[2012/07/21 20:10:25 | 000,079,872 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2012/07/04 07:27:30 | 000,204,952 | ---- | C] () -- C:\windows\System32\ativvsvl.dat
[2012/07/04 07:27:30 | 000,157,144 | ---- | C] () -- C:\windows\System32\ativvsva.dat
[2012/07/04 02:32:18 | 000,159,232 | ---- | C] () -- C:\windows\System32\clinfo.exe
[2012/05/25 12:57:45 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 19:39:06 | 000,028,672 | ---- | C] () -- C:\windows\System32\kdbsdk32.dll
[2012/03/13 15:32:14 | 000,000,001 | ---- | C] () -- C:\Users\Fabian\.SIG_PINSTATUS_VOREINSTELLUNG
[2012/03/13 15:32:14 | 000,000,001 | ---- | C] () -- C:\Users\Fabian\.SIG_DIALOG_VOREINSTELLUNG
[2012/03/06 19:59:32 | 000,618,823 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2011/10/02 12:59:57 | 000,070,701 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2011/09/20 07:43:10 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/09/20 07:43:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2011/05/25 08:35:50 | 000,080,896 | ---- | C] () -- C:\windows\cadkasdeinst01.exe
[2010/11/09 10:57:45 | 000,000,000 | ---- | C] () -- C:\windows\ViewNX.INI
[2010/09/28 15:10:42 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/07/30 16:14:48 | 000,000,268 | RH-- | C] () -- C:\ProgramData\External Build System
[2010/07/30 16:14:48 | 000,000,268 | RH-- | C] () -- C:\Users\Fabian\AppData\Roaming\Equalizer
[2010/07/30 16:14:48 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/07/30 16:14:48 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flowers
[2010/07/30 16:13:04 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Examples
[2010/07/30 16:13:04 | 000,000,268 | RH-- | C] () -- C:\Users\Fabian\AppData\Roaming\Enhance Timing
[2010/07/30 16:13:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/07/30 16:13:04 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filters
[2010/03/27 12:43:56 | 000,000,884 | ---- | C] () -- C:\Users\Fabian\.recently-used.xbel
[2010/01/23 16:09:18 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/21 23:59:14 | 000,009,107 | ---- | C] () -- C:\Program Files\Readme.html
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/01/24 12:00:03 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\.#
[2012/07/25 11:11:14 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ad-Aware Antivirus
[2010/12/20 17:32:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon
[2010/01/30 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BitTorrent
[2010/07/24 09:41:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BOM
[2012/01/17 18:52:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Buhl Data Service
[2012/01/17 19:26:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Buhl Data Service GmbH
[2011/05/25 08:35:58 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CAD-KAS
[2010/03/04 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Canon
[2012/03/04 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\elsterformular
[2011/01/07 13:40:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FrenzelSoft
[2010/01/23 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GameConsole
[2010/03/27 12:43:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2010/09/26 11:01:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\HandBrake
[2010/01/24 02:15:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2010/07/22 10:45:15 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LG Electronics
[2010/11/09 10:57:39 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Nikon
[2012/08/28 11:19:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\pdfforge
[2011/05/25 08:44:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PixelPlanet
[2012/08/03 10:59:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Placetel
[2012/09/19 09:10:39 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Research In Motion
[2012/08/30 08:30:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Softland
[2010/01/23 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Thunderbird
[2012/10/03 13:59:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\uTorrent
[2011/06/02 10:11:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Vodafone
[2011/06/26 22:42:40 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010/01/23 16:25:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/04/08 13:36:16 | 000,000,000 | ---D | M] -- C:\6dbb642b3af1085822a6402faf77
[2012/02/27 22:20:31 | 000,000,000 | ---D | M] -- C:\AMD
[2010/10/23 17:25:03 | 000,000,000 | ---D | M] -- C:\CFLog
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/09/16 23:49:38 | 000,000,000 | ---D | M] -- C:\Intel
[2010/01/23 17:39:18 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/03 13:24:58 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/03 15:35:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/01/23 16:05:12 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/10/04 21:24:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/10/04 11:15:37 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012/10/01 19:08:51 | 000,000,000 | ---D | M] -- C:\temp
[2010/01/23 16:07:11 | 000,000,000 | R--D | M] -- C:\Users
[2010/06/27 17:59:08 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2012/10/03 15:39:42 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2010/01/23 02:59:40 | 002,495,080 | ---- | M] (Amazon.com) -- C:\Program Files\AmazonMP3Downloader.exe
[2011/10/02 13:00:13 | 000,070,701 | ---- | M] () -- C:\Program Files\Uninstall.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009/07/14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2011/03/26 22:48:02 | 000,001,094 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/03/26 22:48:03 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/05 08:42:30 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/09/30 15:50:23 | 000,000,312 | ---- | C] () -- C:\windows\Tasks\mcfoiau.job
[2012/10/02 07:36:48 | 000,000,512 | ---- | C] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task f31966fe-d7c4-4c9d-8878-6ce625e9df77.job
[2012/10/02 07:36:49 | 000,000,512 | ---- | C] () -- C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 13252aca-bcae-4632-b44e-34dc74b29344.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012/07/04 08:21:46 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll
[2012/09/30 15:50:23 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\windows\system32\tcpmibv.dll
 
< %USERPROFILE%\*.* >
[2010/03/27 12:43:56 | 000,000,884 | ---- | M] () -- C:\Users\Fabian\.recently-used.xbel
[2012/03/13 15:32:14 | 000,000,001 | ---- | M] () -- C:\Users\Fabian\.SIG_DIALOG_VOREINSTELLUNG
[2012/03/13 15:32:14 | 000,000,001 | ---- | M] () -- C:\Users\Fabian\.SIG_PINSTATUS_VOREINSTELLUNG
[2012/10/04 21:35:39 | 008,126,464 | -HS- | M] () -- C:\Users\Fabian\ntuser.dat
[2012/10/04 21:35:39 | 000,262,144 | -HS- | M] () -- C:\Users\Fabian\ntuser.dat.LOG1
[2010/01/23 16:07:12 | 000,000,000 | -HS- | M] () -- C:\Users\Fabian\ntuser.dat.LOG2
[2011/04/08 19:00:52 | 000,065,536 | -HS- | M] () -- C:\Users\Fabian\ntuser.dat{1059f235-61d1-11e0-b09e-0024541aa92e}.TM.blf
[2011/04/08 19:00:52 | 000,524,288 | -HS- | M] () -- C:\Users\Fabian\ntuser.dat{1059f235-61d1-11e0-b09e-0024541aa92e}.TMContainer00000000000000000001.regtrans-ms
[2011/04/08 19:00:52 | 000,524,288 | -HS- | M] () -- C:\Users\Fabian\ntuser.dat{1059f235-61d1-11e0-b09e-0024541aa92e}.TMContainer00000000000000000002.regtrans-ms
[2010/01/23 16:28:34 | 000,065,536 | -HS- | M] () -- C:\Users\Fabian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/01/23 16:28:34 | 000,524,288 | -HS- | M] () -- C:\Users\Fabian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/23 16:28:34 | 000,524,288 | -HS- | M] () -- C:\Users\Fabian\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/23 16:07:12 | 000,000,020 | -HS- | M] () -- C:\Users\Fabian\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10/4/2012 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Fabian\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.89% Memory free
5.93 Gb Paging File | 4.55 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.26 Gb Total Space | 23.66 Gb Free Space | 38.01% Space Free | Partition Type: NTFS
Drive D: | 220.73 Gb Total Space | 154.68 Gb Free Space | 70.07% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECEC67-FCDF-453A-835D-5FFD3BC9BC37}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0750743F-3D68-48FA-84F6-CB4B53E055B8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10CC3EC4-4110-4188-9E9D-A38021FB04F6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{20A1BFE3-B229-43CE-B2BE-3D26551CFD22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2608EDA8-4D7B-488B-B624-E0D4C5EF3947}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3521BFAA-4F61-45E2-8CD9-2B43DAF39150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{358E4F45-A308-4B0D-BDAF-07344B043E45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45FC478D-A7BA-4FD3-811E-120DA54EE1A3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{46E5C4AE-24CC-4CE8-9087-9B44BA75D675}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5E3C78B9-6194-42C0-91AD-06C030A60D9E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{665B47D6-B5F1-4E12-9981-1CF2C4EA48F2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{698E05C0-360D-4DC0-8B6E-0032D7021AD5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6F476F0E-0A4E-46A5-8E64-5ADC17676A9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7984F02F-7EA9-45C7-B8A3-59C1C4296049}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AEF4FF4-1D4D-4EAE-8E6B-C1B066A28802}" = rport=137 | protocol=17 | dir=out | app=system | 
"{910690B5-47DA-449F-B14A-891D78F3203C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93917803-DB83-4BFE-8C4D-F7392B5EF670}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4F8566E-18B7-430C-8900-BA9A550FE08F}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{A8811F09-C118-4512-9D0F-FC0D50684C6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF8020B3-3EC5-48F2-A24F-71BDF4372414}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B68B07EA-D5EB-4C2A-97F5-64AF5245B72E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B88AEBD6-9A12-40F9-BAC9-C4290310BE27}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA0F148B-9FFA-4CF2-903F-438ABDAD808C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BCF935C8-B39C-4425-893F-DFFD3509C3D2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{BDE373BA-693D-466C-84A1-C227F2ED23A3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CF88A431-F3EF-4345-8A6E-DD279913D95C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEE8F261-2253-4DBE-8045-64E2418112B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087F67D6-70F3-40E0-B547-D331D38DE4A0}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"{0F46A52B-978B-4645-8F9D-AD1DBB4E90E6}" = protocol=6 | dir=out | app=system | 
"{1EE050FD-1D87-42CB-BB99-E61781F6D4D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{294D4BAD-2B0E-4B39-B4A0-12BE82117729}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3554AA81-3B19-46C6-8F29-9D418329D547}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{39653860-14F9-4148-AC70-F43A5C0892A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3FA4A72D-0CBB-4E24-930F-3039A073929A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46A6EB74-D5AD-4E28-96FE-CDC1209854E7}" = protocol=17 | dir=in | app=c:\program files\office\office12\onenote.exe | 
"{54B51C9C-EBA5-4A03-8BC9-87F9037DBF96}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{62E7E19B-5215-468D-97DC-2FEC34375B74}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{6EA77036-E644-4232-B204-6DB8545705BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE75DC9-03AF-47A6-9E4B-4C113460546C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{76D4DE08-58AC-483B-93FE-A2D649C4ECCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B7BC387-7D25-44D4-94F1-93A2233C6F51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{970A43FC-CB25-4468-B14B-EBA4C0E5A788}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A1A2C828-3E3A-40EE-9F60-04F85072C110}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA22D95E-59B1-4760-AD49-A51813B3BE30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF058860-4393-48E6-A893-DF333BBF5BEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B63245E7-4E87-4999-8D6A-B2684DFE7F2D}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"{BD0A9786-A383-48F3-AC32-7A4702B467A2}" = protocol=58 | dir=in | app=system | 
"{C7773662-0E6B-4F31-AF10-01FB05ECDEF6}" = protocol=6 | dir=in | app=c:\program files\office\office12\onenote.exe | 
"{CC203B0D-03EE-47FC-B453-148272D97A3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D59918CA-4D3D-4A8E-955C-90364AAC7BE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D75C2B73-9C93-4EB6-993A-DAC32ED31E59}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{DBB769E9-98F0-4529-A8AA-D17AD4398BFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD711C86-FD66-415A-9A5C-F1B076113721}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E243708C-78AE-4537-A609-06AC12DC07FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E294C92F-027B-4B7F-AA8B-17F50DA90B90}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{FDD3F7FB-9546-43A4-A2D9-951581F4DD26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{FE95ED2B-333A-4B1A-ACE2-DF7F2DD48613}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{A88D560D-C038-4616-85E9-C32E1BA97C58}C:\program files\placetel\placetel.exe" = protocol=6 | dir=in | app=c:\program files\placetel\placetel.exe | 
"TCP Query User{A8CD31B0-84C7-47F2-A58A-45547468CF21}D:\spiele\dead space.exe" = protocol=6 | dir=in | app=d:\spiele\dead space.exe | 
"TCP Query User{C10FD93E-FC26-4E2B-A525-E841B080F42C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{CDE4977D-17A0-4AE9-B0A1-9171A8821F90}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe | 
"UDP Query User{3B9D94E9-5FA9-41F6-A172-D334D9709E7F}D:\spiele\dead space.exe" = protocol=17 | dir=in | app=d:\spiele\dead space.exe | 
"UDP Query User{887C0A58-1B43-4C2D-92DE-6D8D9037F3A9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B17EB0D7-FB9A-4AB4-A64F-3C1E977DE108}C:\program files\placetel\placetel.exe" = protocol=17 | dir=in | app=c:\program files\placetel\placetel.exe | 
"UDP Query User{D698793C-32B7-43E2-B91C-E7A2468972C9}C:\program files\counterpath\x-lite\x-lite.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\x-lite\x-lite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{31FC28E2-D8F9-411E-A2F5-71AC76C0C79C}" = Hoppenstedt Auskunfts-CD Firmendatenbank
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{426E4F54-EFFE-4C5B-A02A-23CFE8C3C679}" = X-Lite
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4C374853-D0D7-4503-9664-3A8D05D3C638}" = WD SmartWare
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FE08FEF-280B-72A9-7AD0-458062EC5D1B}" = AMD Drag and Drop Transcoding
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8741AB4D-67B7-4BB5-A4B1-8B2249ADE50F}" = BlackBerry App World Browser Plugin
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DB53114-2FF5-4B26-994B-526298148653}_is1" = Call of Duty® 2
"{8E7C5578-1985-141E-4D5E-1FDEA31265C9}" = ccc-utility
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9064317A-39C7-40D5-8CF5-04A254747B88}" = BlackBerry Device Software Updater
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1249D34-EF3A-8FD7-CB9D-8215EE83D835}" = AMD Accelerated Video Transcoding
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC016E44-FF11-414F-A505-68C1D09C22F6}_is1" = Placetel Beta Version 1.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor (32bit)
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EAB74CB6-760C-2136-FC77-9549721FB84A}" = AMD Catalyst Install Manager
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{EC663A85-7749-429C-A99B-C3B5BE44E25A}" = FrenzelSoft Stock Ticker
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5A29695-BDAD-E83E-E364-330D3029B642}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"doPDF 7 printer_is1" = doPDF 7.3 printer
"Downloader" = Downloader
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.1d
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 13.1.0.8394u" = ElsterFormular
"EPSON S22 Series" = Druckerdeinstallation für EPSON S22 Series
"EPSON S22 Series Manual" = EPSON S22 Series Handbuch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.0.2
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"PDF Editor 3" = PDF Editor 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Wajam" = Wajam
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.7.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/4/2012 6:00:28 AM | Computer Name = Fabian-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 10/4/2012 9:59:35 AM | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/4/2012 9:59:41 AM | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/4/2012 10:00:07 AM | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/4/2012 10:02:17 AM | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/4/2012 10:02:18 AM | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/4/2012 10:02:20 AM | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 10/4/2012 3:12:43 PM | Computer Name = Fabian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.70.2 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11a4    Startzeit:
 01cda263e725d774    Endzeit: 16    Anwendungspfad: C:\Users\Fabian\Desktop\OTL.exe    Berichts-ID:
   
 
Error - 10/4/2012 3:16:47 PM | Computer Name = Fabian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.70.2 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 150c    Startzeit:
 01cda264ab9f52e2    Endzeit: 0    Anwendungspfad: C:\Users\Fabian\Desktop\OTL.exe    Berichts-ID:
   
 
Error - 10/4/2012 3:19:28 PM | Computer Name = Fabian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.70.2 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 176c    Startzeit:
 01cda264cec5246e    Endzeit: 16    Anwendungspfad: C:\Users\Fabian\Desktop\OTL.exe    Berichts-ID:
   
 
[ Media Center Events ]
Error - 2/10/2011 2:09:40 PM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 19:09:39 - Fehler beim Herstellen der Internetverbindung.  19:09:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/10/2011 2:09:57 PM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 19:09:45 - Fehler beim Herstellen der Internetverbindung.  19:09:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/11/2011 3:08:49 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 08:08:49 - Fehler beim Herstellen der Internetverbindung.  08:08:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/11/2011 3:08:58 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 08:08:54 - Fehler beim Herstellen der Internetverbindung.  08:08:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/13/2011 8:27:11 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 13:27:10 - Fehler beim Herstellen der Internetverbindung.  13:27:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/13/2011 8:27:19 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 13:27:16 - Fehler beim Herstellen der Internetverbindung.  13:27:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/15/2011 3:51:11 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 08:51:11 - Fehler beim Herstellen der Internetverbindung.  08:51:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/15/2011 3:51:20 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 08:51:16 - Fehler beim Herstellen der Internetverbindung.  08:51:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/17/2011 3:49:21 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 08:49:21 - Fehler beim Herstellen der Internetverbindung.  08:49:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/17/2011 3:49:30 AM | Computer Name = Fabian-PC | Source = MCUpdate | ID = 0
Description = 08:49:26 - Fehler beim Herstellen der Internetverbindung.  08:49:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 6/3/2011 7:43:17 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5175
 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error - 9/13/2011 6:06:33 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1140
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 1/12/2012 8:56:17 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3161
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 8/17/2012 8:37:30 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7148
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/3/2012 12:14:55 PM | Computer Name = Fabian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 10/4/2012 1:11:40 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 10/4/2012 1:12:14 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 WD File Management Engine erreicht.
 
Error - 10/4/2012 1:12:14 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WD File Management Engine" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 10/4/2012 1:12:44 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 WD File Management Shadow Engine erreicht.
 
Error - 10/4/2012 1:12:44 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WD File Management Shadow Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 10/4/2012 1:12:49 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet:   %%126
 
Error - 10/4/2012 1:13:05 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 10/4/2012 1:13:06 AM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 10/4/2012 8:05:08 AM | Computer Name = Fabian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 10/4/2012 8:14:30 AM | Computer Name = Fabian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 10/4/2012 3:05:36 PM | Computer Name = Fabian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 10/4/2012 3:09:54 PM | Computer Name = Fabian-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---

Google Redirect Virus

Log-Analyse und Auswertung: Google Redirect Virus