Virus "Deutsche Post" Aufforderung zur Sendungsabholung

cosinus · 26.12.2012, 21:15

Tur mir ja echt Leid, aber es gibt wieder eine neue Version vom adwCleaner

Bitte wieder neu runterladen und ein neues Suchlog machen

Mamalia · 26.12.2012, 21:31

ich gehöre wohl zu den härteren fällen, befürchte ich. kannst du mir ein paar tips geben, welche programme ich auf dem pc haben sollte?

Code:

ATTFilter

# AdwCleaner v2.103 - Datei am 26/12/2012 um 21:27:18 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Amalia - AMALIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Amalia\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6161 octets] - [23/12/2012 21:30:33]
AdwCleaner[R2].txt - [1036 octets] - [24/12/2012 19:59:39]
AdwCleaner[S1].txt - [5923 octets] - [23/12/2012 22:17:12]
AdwCleaner[S2].txt - [971 octets] - [26/12/2012 21:27:18]

########## EOF - C:\AdwCleaner[S2].txt - [1030 octets] ##########

die neue suche:

Code:

ATTFilter

# AdwCleaner v2.103 - Datei am 26/12/2012 um 21:33:14 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Amalia - AMALIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Amalia\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6161 octets] - [23/12/2012 21:30:33]
AdwCleaner[R2].txt - [1036 octets] - [24/12/2012 19:59:39]
AdwCleaner[R3].txt - [909 octets] - [26/12/2012 21:33:14]
AdwCleaner[S1].txt - [5923 octets] - [23/12/2012 22:17:12]
AdwCleaner[S2].txt - [1099 octets] - [26/12/2012 21:27:18]

########## EOF - C:\AdwCleaner[R3].txt - [1088 octets] ##########

kurze info, löschen erfolgte nach deinem ersten text (nach update adw), neue suche nach dem 2.

cosinus · 26.12.2012, 22:02

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Mamalia · 27.12.2012, 10:47

Code:

ATTFilter

# AdwCleaner v2.103 - Datei am 27/12/2012 um 10:44:19 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Amalia - AMALIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Amalia\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6161 octets] - [23/12/2012 21:30:33]
AdwCleaner[R2].txt - [1036 octets] - [24/12/2012 19:59:39]
AdwCleaner[R3].txt - [1157 octets] - [26/12/2012 21:33:14]
AdwCleaner[S1].txt - [5923 octets] - [23/12/2012 22:17:12]
AdwCleaner[S2].txt - [1099 octets] - [26/12/2012 21:27:18]
AdwCleaner[S3].txt - [1091 octets] - [27/12/2012 10:44:19]

########## EOF - C:\AdwCleaner[S3].txt - [1151 octets] ##########

cosinus · 27.12.2012, 10:56

Wie weit ist OTL?

Mamalia · 27.12.2012, 10:56

Code:

ATTFilter

OTL logfile created on: 27.12.2012 10:49:17 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,34% Memory free
8,00 Gb Paging File | 6,62 Gb Available in Paging File | 82,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 254,35 Gb Free Space | 84,78% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Amalia\Desktop\Anwendungen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A4F3E31-641E-4F75-B017-9B931AA6BB6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5F59A8CE-D2B8-45D6-9204-8DAEF870D309}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{15B4B87A-2861-4246-8E8B-1597293E3F16}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{297F7C10-951E-4F69-9E9F-30FA301B3E00}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=bc48a339-2861-41cb-98eb-763bf62b7128&apn_sauid=5486F1A9-363B-4610-985E-7FBE7E72CD3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{4BBF489A-0EF5-4F2D-9F10-6BDF06A37AE1}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{59232AD8-C372-4ABF-9A95-6D178D3606BB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8E256A99-D1CD-4775-8174-10E6C012BCC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8EE1426C-AD21-4249-A822-8F5D45920740}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amalia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.01 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Extensions
[2012.12.22 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions
[2012.12.22 17:51:06 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\firefox\profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.12.06 18:38:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 06:35:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.16 09:53:37 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.23 20:23:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - D:\IEButtonAmazonInterface.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\IEButtonEbayInterface.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: amazon Suche - D:\Searchamazon.htm ()
O8:64bit: - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm ()
O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm ()
O8:64bit: - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Suche - D:\SearchGoogle.htm ()
O8:64bit: - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: amazon Suche - D:\Searchamazon.htm ()
O8 - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm ()
O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm ()
O8 - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Suche - D:\SearchGoogle.htm ()
O8 - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE6E1C-4D7C-4B32-AA8B-3D5F48CC0C9B}: DhcpNameServer = 83.169.184.161 83.169.184.225
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 22:19:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 20:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 20:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 20:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 20:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 19:41:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:39:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Yges
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.12.06 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 17:37:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 10:45:25 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 10:36:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job
[2012.12.27 10:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 08:54:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 08:54:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 21:27:02 | 000,550,017 | ---- | M] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.12.26 19:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job
[2012.12.23 20:23:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.23 19:41:29 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:40:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.22 17:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.22 17:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.22 17:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.22 17:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 13:56:08 | 000,427,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:26:55 | 000,550,017 | ---- | C] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.12.23 20:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.23 20:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.23 20:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.23 20:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.23 20:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.01 10:32:26 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.30 17:06:11 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2012.03.30 17:06:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll
[2012.03.30 17:06:11 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.30 16:48:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2012.03.30 16:48:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2011.12.17 14:37:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.17 14:33:15 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.05.06 20:40:15 | 000,000,017 | ---- | C] () -- C:\Users\Amalia\AppData\Local\resmon.resmoncfg
[2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.13 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.17 14:45:04 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DesktopIconForAmazon
[2011.12.11 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DVDVideoSoft
[2011.12.11 11:30:48 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.14 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\EPSON
[2012.05.16 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Gutscheinmieze
[2011.02.03 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\ICQ
[2011.01.08 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\IrfanView
[2011.12.17 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\OCS
[2011.12.17 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opera
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.09.17 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\PhotoScape
[2012.01.12 17:03:50 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Sony
[2012.08.28 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Thunderbird
[2011.09.14 17:18:25 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\TS3Client
[2010.05.06 19:57:54 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\TuneUp Software
[2012.12.23 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yges
 
========== Purity Check ==========
 
 

< End of report >

oh war auf quick scan statt scan. nochmal machen?

cosinus · 27.12.2012, 11:03

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{297F7C10-951E-4F69-9E9F-30FA301B3E00}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=bc48a339-2861-41cb-98eb-763bf62b7128&apn_sauid=5486F1A9-363B-4610-985E-7FBE7E72CD3D
[2012.05.16 09:53:37 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - D:\IEButtonAmazonInterface.dll ()
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\IEButtonEbayInterface.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O8:64bit: - Extra context menu item: amazon Suche - D:\Searchamazon.htm ()
O8:64bit: - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm ()
O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm ()
O8:64bit: - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm ()
O8:64bit: - Extra context menu item: Google Suche - D:\SearchGoogle.htm ()
O8:64bit: - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm ()
O8 - Extra context menu item: amazon Suche - D:\Searchamazon.htm ()
O8 - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm ()
O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm ()
O8 - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm ()
O8 - Extra context menu item: Google Suche - D:\SearchGoogle.htm ()
O8 - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm ()
:Files
C:\Users\Amalia\AppData\Roaming\Gutscheinmieze
C:\Users\Amalia\AppData\Roaming\Yges
C:\Users\Amalia\AppData\Roaming\Opovr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Mamalia · 27.12.2012, 11:16

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\#| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\&| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\?| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\+| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\=| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e\\MenuText| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\#| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\&| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\?| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\+| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\=| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb\\MenuText| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\#| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\&| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\?| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\+| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\=| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba\\MenuText| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\#| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\&| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\?| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\+| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\=| /E : value set successfully!
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay\\MenuText| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchScopes\{297F7C10-951E-4F69-9E9F-30FA301B3E00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{297F7C10-951E-4F69-9E9F-30FA301B3E00}\ not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84B94901-3645-4D80-A6B7-4D0050B19455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84B94901-3645-4D80-A6B7-4D0050B19455}\ deleted successfully.
D:\IEButtonAmazonInterface.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD9B7762-DFBC-42B1-BB30-02A78287B456}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD9B7762-DFBC-42B1-BB30-02A78287B456}\ deleted successfully.
D:\IEButtonEbayInterface.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\amazon Suche\ deleted successfully.
D:\Searchamazon.htm moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\amazon Suche starten\ deleted successfully.
File D:\Searchamazon.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay\ not found.
File Mein eBay - D:\SearchEbaymein.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay\ not found.
File Powersuche - D:\SearchEbaypower.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay\ not found.
File Startseite - D:\SearchEbay.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay Suche starten\ deleted successfully.
D:\SearchEbay.htm moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Suche\ deleted successfully.
D:\SearchGoogle.htm moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Suche starten\ deleted successfully.
File D:\SearchGoogle.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\amazon Suche\ not found.
File D:\Searchamazon.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\amazon Suche starten\ not found.
File D:\Searchamazon.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay\ not found.
File Mein eBay - D:\SearchEbaymein.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay\ not found.
File Powersuche - D:\SearchEbaypower.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay\ not found.
File Startseite - D:\SearchEbay.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\eBay Suche starten\ not found.
File D:\SearchEbay.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Suche\ not found.
File D:\SearchGoogle.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Suche starten\ not found.
File D:\SearchGoogle.htm not found.
========== FILES ==========
C:\Users\Amalia\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\Amalia\AppData\Roaming\Yges folder moved successfully.
C:\Users\Amalia\AppData\Roaming\Opovr folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Amalia\Desktop\Anwendungen\cmd.bat deleted successfully.
C:\Users\Amalia\Desktop\Anwendungen\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Amalia
->Temp folder emptied: 13325701 bytes
->Temporary Internet Files folder emptied: 6047573 bytes
->Java cache emptied: 12598930 bytes
->FireFox cache emptied: 20510087 bytes
->Flash cache emptied: 3090603 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11102524 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 210874 bytes
 
Total Files Cleaned = 64,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 12272012_111236

Files\Folders moved on Reboot...
C:\Users\Amalia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 27.12.2012, 11:16

Sehr schön

Mach bitte ein neues Log mit OTL wie gehabt zur erneuten Kontrolle

Mamalia · 27.12.2012, 11:32

Code:

ATTFilter

OTL logfile created on: 27.12.2012 11:19:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,12% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 254,39 Gb Free Space | 84,80% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Amalia\Desktop\Anwendungen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A4F3E31-641E-4F75-B017-9B931AA6BB6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5F59A8CE-D2B8-45D6-9204-8DAEF870D309}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{15B4B87A-2861-4246-8E8B-1597293E3F16}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{4BBF489A-0EF5-4F2D-9F10-6BDF06A37AE1}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{59232AD8-C372-4ABF-9A95-6D178D3606BB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8E256A99-D1CD-4775-8174-10E6C012BCC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8EE1426C-AD21-4249-A822-8F5D45920740}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amalia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.01 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Extensions
[2012.12.22 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions
[2012.12.22 17:51:06 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\firefox\profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.12.06 18:38:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 06:35:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.23 20:23:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE6E1C-4D7C-4B32-AA8B-3D5F48CC0C9B}: DhcpNameServer = 83.169.184.161 83.169.184.225
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 11:12:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.23 22:19:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 20:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 20:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 20:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 20:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 19:41:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:39:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.21 07:41:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 07:41:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 07:41:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 07:41:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 07:52:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 07:52:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 07:52:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 07:52:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 07:52:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 07:52:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 07:52:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 07:52:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 07:52:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 07:52:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 07:52:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 07:52:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 07:52:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 07:52:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 07:52:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 07:41:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 07:41:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 07:41:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 07:41:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 07:41:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 07:41:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 07:41:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 07:41:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 07:41:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 07:41:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 07:41:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 07:41:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 07:41:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 07:41:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 07:40:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 07:40:54 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.08 12:45:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.12.08 12:45:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.12.08 12:45:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.12.08 12:45:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.12.08 12:45:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.12.08 12:45:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.12.08 12:45:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.12.08 12:45:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.12.08 12:45:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.12.08 12:45:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.12.08 12:45:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.12.08 12:45:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.12.08 12:45:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.12.08 12:45:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.12.08 12:45:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.12.08 12:45:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.12.08 12:45:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.12.08 12:45:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.12.08 12:45:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.12.08 12:45:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.12.08 12:45:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.12.08 12:45:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.12.08 12:45:01 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.12.08 12:45:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.06 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 17:37:53 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.12.04 17:37:53 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.12.04 17:37:53 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.12.04 17:37:52 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.04 17:37:52 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.04 17:37:52 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.04 17:37:52 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.04 17:37:52 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.04 17:37:52 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.04 17:37:52 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.04 17:37:52 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.04 17:37:52 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.04 17:37:52 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.04 17:37:52 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.04 17:37:52 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.04 17:37:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 11:21:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 11:21:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 11:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 11:13:54 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 10:36:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job
[2012.12.26 21:27:02 | 000,550,017 | ---- | M] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.12.26 19:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job
[2012.12.23 20:23:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.23 19:41:29 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:40:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.22 17:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.22 17:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.22 17:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.22 17:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 13:56:08 | 000,427,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 16:20:16 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 16:20:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.03 16:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.03 16:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.03 16:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.03 16:47:14 | 018,045,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.03 16:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.03 16:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.12.03 16:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.12.03 16:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.12.03 16:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.03 16:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.03 16:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.03 16:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.03 16:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.12.03 16:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.03 16:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.03 16:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.12.03 16:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.03 16:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.03 16:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.12.03 16:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:26:55 | 000,550,017 | ---- | C] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.12.23 20:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.23 20:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.23 20:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.23 20:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.23 20:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.01 10:32:26 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.30 17:06:11 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2012.03.30 17:06:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll
[2012.03.30 17:06:11 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.30 16:48:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2012.03.30 16:48:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2011.12.17 14:37:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.17 14:33:15 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.05.06 20:40:15 | 000,000,017 | ---- | C] () -- C:\Users\Amalia\AppData\Local\resmon.resmoncfg
[2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 27.12.2012 11:19:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,12% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 254,39 Gb Free Space | 84,80% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0153A012-A83E-4696-93EF-78471954BE3D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0330F4DD-7DC8-47CD-BB7D-8EFD361D44E6}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | 
"{041D5C64-2301-4DA7-AE60-7ECBB0A7E1A8}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{0623118B-7FF0-438A-88E8-4B1A4AD3E3A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07E29018-88DC-403F-97E7-D7C22B74F33B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{149481D4-C49E-4031-9BF3-01FE7E66E968}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14E1BC27-7CD1-4011-BB0C-EB9C530B0758}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{19573F3A-593F-4D5F-A520-9EBE61D74F5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{1B8BC06A-BC29-40A8-8F82-DF3EDD9C0458}" = rport=139 | protocol=6 | dir=out | app=system | 
"{20B27E73-9F5E-47B2-B3E8-A928BBFA00B0}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{218B14D2-5AC2-443B-8152-C07D82863621}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22C75A9E-6205-4C63-A598-27704B7F0A3E}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{248FB794-2CA9-46E3-ABDB-949E0618F5B2}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{266F16B1-A4F4-4713-92D3-341ED8D8D2B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2BA1623C-3221-400C-9AA9-2BEA5977B155}" = lport=443 | protocol=6 | dir=in | app=system | 
"{2D1843E7-CD9B-43DD-8486-E65B0FC6A537}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2EBAE9E9-281A-48D2-B12D-13A334B5D7BF}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{304D6EA1-F228-41E4-9B12-E1CE9F38A887}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | 
"{309B415C-2AA2-4E83-9C0D-168EE44D3ACA}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{3299CA7B-C5A3-431C-B7C2-B796A5A4BC78}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3561E932-B6A7-44B9-969B-4AFA037B8F11}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3806DFE1-DA05-4157-9EE0-F3E0A723F28C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3CAA85A2-38DB-466A-802F-4F9B968D0846}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{44525CC5-1424-4876-B102-6A92F660E67D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{49C9DC27-29C6-4049-A1F4-5ABD7B57ACC4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{500902F4-B382-4F1C-AC50-6D5EB803B7E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59D6DDC3-F6CA-4D84-A614-85D988302C1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F52CDC9-04D8-4610-AC86-3B8FC879867C}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{6DA2723E-1658-495F-BE1F-3D421C96A334}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{6E3893FB-313F-4358-B74A-8B4BE81EADE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{70F4E74B-4E15-4BED-B4C1-1B2A1C1FAEDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7166D1F6-82B8-4A4D-B68D-D189DD241CE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{72DE9C05-95DD-41F6-AAD4-FCCCF8F96EF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{791F1B98-BC4C-4C9A-816A-A03C62452130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7AA3A99F-9E96-4FFD-89EF-72C757A38E26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8146E82A-037B-41CC-8611-69DA711CE05C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{815E0B4E-6B6F-4EB7-A077-065D0AE82D33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{82858F5A-39D4-41AC-833D-FE8E6C8EA69F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{837AE6B8-85F0-4761-9EFE-6B7A32B99879}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{85D8634D-8310-4ED5-AD96-DD2508B0A826}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | 
"{8B88D51A-8192-4E08-B1C1-970C1810D0F1}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{8D36CD8E-9FB2-4781-A34E-AFED3F921D80}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{8D8E4621-FCCD-468F-A712-729077152CAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E84F65E-6B11-40BA-ADE9-A3D2CF36FF7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9401BCD8-8C34-45C9-9356-9DD36CF3CE28}" = lport=445 | protocol=6 | dir=in | app=system | 
"{94286CC8-4494-4402-8A4E-C82DA8A8A6BA}" = lport=80 | protocol=6 | dir=in | app=system | 
"{9D4214AF-0F44-41EF-BD4E-C8E457130C82}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D8BB10D-32A4-450C-906F-93A0B0BE37F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A2615FC9-682C-43F4-B309-14B13FEDDF34}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | 
"{A54902FE-B6BA-484E-920B-0F4EED2B74C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A83F7ABD-EC45-4695-92E8-66A00A64E33D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AAA54C37-E5A5-478E-9415-7E93CCC7748E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADEEC9D1-BDCB-41D6-91AC-F3648B4C725C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B0CC6AD2-794D-44ED-B645-AC7F183FFCAD}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{B0F51A19-F62C-4309-BB66-1E2D820F69B2}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | 
"{B2D92BC4-8ACE-4D83-9190-0E95653C59FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{B4FE0105-FC18-49D2-BC63-B6709865656A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B637CAE5-826D-4072-BF66-B85FA857039B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BEFE314B-7C55-44A6-AF4F-1EE72E365E29}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{BFF9C548-0A07-482D-94CB-3D8F21B5D6EE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{C244656D-7439-4A1C-B7B8-733E6E69E171}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CE9ECF38-777C-4311-AF19-F8E54D71BA64}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe | 
"{D48AF527-2134-4669-A304-C15749B74A4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{D5DBC691-4F5F-4B38-90E3-890D1308EB98}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D7DA73AF-8321-42E1-856E-C3ED0B06568A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8DF24ED-CBB3-4D0C-B107-A2ACD9E7AFD4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{E9505B57-97F0-4312-8879-971E5B5B738D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFD79D64-E4EE-460D-8337-0E4FCEBDA78D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{F3A50E6E-4DB5-4FF6-AFF9-04FC21574420}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe | 
"{F77D1206-A014-4DAA-AAFE-8A4F72D6E540}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FCB2D2CC-C05C-4A38-9609-1F42D04068DA}" = lport=3390 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03240E39-F716-44A3-87B1-897C9CD34456}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{055C56C2-1D73-4654-8E6F-41D34F14B94A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0819228A-A41F-4227-B204-A5348C8394D0}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{0BC6B742-4A87-486A-91D2-E811C23C0564}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0D9BBFCF-892B-4323-A7C4-5BDF900F3565}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{0EDF796C-2C75-487E-AAE8-D582A9FE5936}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1063A553-E15E-454D-B6B2-4591FDD06FB0}" = dir=in | app=c:\users\amalia\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{1515667F-004B-425C-AEC3-1F7126B0777D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{16B854BA-470B-4AB8-A4D5-70C6BD7A922D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{230EF796-44FA-4328-872F-7A0A806A730C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{35898413-ABB5-49F0-BB7B-CC7D12C38EDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3D43A713-4EF1-44BC-9F51-F936345A7F43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46EE5822-9ABF-4343-A9DB-9354797FF97D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4885A0F5-6C25-465A-815D-3E39F2C9F612}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C42C775-3A92-4A29-A5D0-8D1B4F6A7B6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{4DF7099D-304B-40BF-A87D-568B34570538}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4F42BCF2-E5AB-4B65-85C3-FC32C88E4703}" = protocol=17 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe | 
"{551EC3D8-183A-4BAB-AA0F-C69B4059910D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60DF8CD5-3B50-406A-AFE8-4EEBA0CC4E7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6517C735-F645-4F38-B41F-CF135468A0A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6B66D56B-6471-4B0D-9136-B911DD136F37}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{73754468-5626-466F-8DF3-561DFEE74C95}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{73E895F3-6123-436F-8FFF-392B00B55E73}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{748F7FED-22C3-4125-9DE9-E9E6A8F54D8C}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe | 
"{85210534-D8EF-41E3-903B-FC5EF0C52CAB}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{8A7A1888-EEED-4ED7-86B6-203A3B4BBF86}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe | 
"{8DBDBD99-06FB-433F-B82D-58CA537FF081}" = protocol=6 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe | 
"{8E2184A5-78DA-4CAF-83C9-3ACB5091871C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{930ADC0C-DEC8-48CB-A266-D91FD8C23993}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe | 
"{980E0017-9691-452E-BF9B-4D1350E70E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{9833404E-5ACA-40F1-A695-E1355ACE0D16}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe | 
"{98A7174F-C07D-4A3F-A002-F8B69F90E8BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{9A22EE72-9CDE-477D-B8E9-FB6A2CCFD259}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A11FB719-EA23-41FD-BAAD-43C2AD22776E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1E7B5A2-1370-457B-A76F-BE539599BA31}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A5C5D733-1917-4E51-9E76-57E38F464AB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A690EA88-792A-4D29-A9C8-E6B8C5A41503}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A71020A5-F5CC-491D-ADED-F0C43163B127}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe | 
"{A7E27397-D614-4E6C-B043-8F8D3181F1FE}" = protocol=47 | dir=in | app=system | 
"{A980C34B-FDE5-493D-B91C-E70744267DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{AC29A4A7-075D-461C-9F87-47AE8B943BE9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{BE6AE44B-EAC9-409B-AC42-0A7B556C91E3}" = protocol=47 | dir=out | app=system | 
"{BF24DD6B-62ED-41F4-811F-FBFF7E101301}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C4137874-5E55-4332-9BAA-71FB741ED727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0E5D289-E0D7-4564-88A6-44D7FEBE32D9}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe | 
"{E2E68302-31CD-408F-8B7A-1B9C9FE03BED}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E715E7AE-E284-4265-82A9-9EE6CACEF974}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2F77838-0429-4CDD-926C-70056F8A41B6}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{F6545452-E63C-4768-9AD9-732A0B958EFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{FC683782-83E5-4DC3-A149-5538A8F9A2B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"TCP Query User{22B2BEE1-CACE-4E22-BFE7-A3ED87E8678E}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{2AFEEEE3-8D60-424E-8EC0-F35F7B620F3B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=6 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe | 
"TCP Query User{9D30C3DE-380F-4389-9EE3-7EEA74F6DC9E}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=6 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe | 
"UDP Query User{2E638314-4640-4767-A053-D185FAF51186}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=17 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe | 
"UDP Query User{4119BB55-74C8-4553-B8F0-4D1E74E35C73}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{E6BF811A-3B5A-4F3E-B259-1965C75B312B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=17 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Don't Get Angry! 2_is1" = Don't Get Angry! 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Haushaltsbuch2" = Softwarenetz Haushaltsbuch2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.12.2012 12:54:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 6d0    Startzeit: 
01cde064e0341710    Endzeit: 94    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 38124a61-4c58-11e2-b41d-00199977be0c  
 
Error - 22.12.2012 12:55:01 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c38    Startzeit: 
01cde064fcf6bb00    Endzeit: 62    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 512ff291-4c58-11e2-b41d-00199977be0c  
 
Error - 22.12.2012 15:32:21 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11fc    Startzeit:
 01cde07aff676ec8    Endzeit: 124    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 4c0d8079-4c6e-11e2-b41d-00199977be0c  
 
Error - 23.12.2012 02:02:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 17.0.0.4703 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3dc    Startzeit: 01cde0d2a24521b0    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: 4d738c71-4cc6-11e2-9e41-00199977be0c

 
Error - 23.12.2012 02:54:22 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0023000a  ID des fehlerhaften
 Prozesses: 0xc6c  Startzeit der fehlerhaften Anwendung: 0x01cde0da5467c6c0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 940e0e60-4ccd-11e2-9e41-00199977be0c
 
Error - 23.12.2012 04:12:38 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f0c    Startzeit: 
01cde0e52f473d98    Endzeit: 172    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 81c0d369-4cd8-11e2-9e41-00199977be0c  
 
Error - 23.12.2012 04:13:26 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ce8    Startzeit: 
01cde0e547fc0a08    Endzeit: 125    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 9ea007d9-4cd8-11e2-9e41-00199977be0c  
 
Error - 23.12.2012 04:16:21 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: IEButtonAmazonInterface.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x06ad9587  ID des fehlerhaften Prozesses: 0x49c  Startzeit der fehlerhaften Anwendung:
 0x01cde0e5999e4358  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: IEButtonAmazonInterface.dll  Berichtskennung:
 0806d968-4cd9-11e2-9e41-00199977be0c
 
Error - 23.12.2012 14:44:54 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0xe1c  Startzeit der fehlerhaften Anwendung: 0x01cde0ed8efd1ca0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 d70c4444-4d30-11e2-9170-00199977be0c
 
Error - 26.12.2012 02:44:48 | Computer Name = Amalia-PC | Source = MsiInstaller | ID = 11609
Description = 
 
[ System Events ]
Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 16.12.2012 16:11:11 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 23.12.2012 15:16:14 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.12.2012 15:20:42 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 23.12.2012 15:22:33 | Computer Name = Amalia-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 23.12.2012 15:23:41 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.12.2012 09:10:23 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%1115
 
Error - 27.12.2012 06:12:36 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >

Mamalia · 27.12.2012, 11:33

Code:

ATTFilter

OTL logfile created on: 27.12.2012 11:19:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,12% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 254,39 Gb Free Space | 84,80% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Amalia\Desktop\Anwendungen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A4F3E31-641E-4F75-B017-9B931AA6BB6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5F59A8CE-D2B8-45D6-9204-8DAEF870D309}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{15B4B87A-2861-4246-8E8B-1597293E3F16}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{4BBF489A-0EF5-4F2D-9F10-6BDF06A37AE1}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{59232AD8-C372-4ABF-9A95-6D178D3606BB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8E256A99-D1CD-4775-8174-10E6C012BCC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8EE1426C-AD21-4249-A822-8F5D45920740}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amalia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.01 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Extensions
[2012.12.22 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions
[2012.12.22 17:51:06 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\firefox\profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.12.06 18:38:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 06:35:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.23 20:23:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE6E1C-4D7C-4B32-AA8B-3D5F48CC0C9B}: DhcpNameServer = 83.169.184.161 83.169.184.225
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 11:12:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.23 22:19:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 20:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 20:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 20:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 20:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 19:41:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:39:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.21 07:41:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 07:41:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 07:41:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 07:41:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 07:52:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 07:52:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 07:52:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 07:52:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 07:52:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 07:52:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 07:52:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 07:52:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 07:52:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 07:52:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 07:52:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 07:52:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 07:52:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 07:52:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 07:52:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 07:41:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 07:41:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 07:41:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 07:41:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 07:41:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 07:41:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 07:41:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 07:41:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 07:41:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 07:41:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 07:41:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 07:41:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 07:41:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 07:41:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 07:40:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 07:40:54 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.08 12:45:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.12.08 12:45:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.12.08 12:45:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.12.08 12:45:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.12.08 12:45:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.12.08 12:45:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.12.08 12:45:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.12.08 12:45:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.12.08 12:45:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.12.08 12:45:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.12.08 12:45:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.12.08 12:45:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.12.08 12:45:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.12.08 12:45:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.12.08 12:45:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.12.08 12:45:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.12.08 12:45:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.12.08 12:45:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.12.08 12:45:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.12.08 12:45:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.12.08 12:45:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.12.08 12:45:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.12.08 12:45:01 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.12.08 12:45:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.06 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 17:37:53 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.12.04 17:37:53 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.12.04 17:37:53 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.12.04 17:37:52 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.04 17:37:52 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.04 17:37:52 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.04 17:37:52 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.04 17:37:52 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.04 17:37:52 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.04 17:37:52 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.04 17:37:52 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.04 17:37:52 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.04 17:37:52 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.04 17:37:52 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.04 17:37:52 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.04 17:37:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 11:21:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 11:21:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 11:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 11:13:54 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 10:36:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job
[2012.12.26 21:27:02 | 000,550,017 | ---- | M] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.12.26 19:36:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job
[2012.12.23 20:23:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.23 19:41:29 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:40:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.22 17:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.22 17:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.22 17:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.22 17:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 13:56:08 | 000,427,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 16:20:16 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 16:20:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.03 16:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.03 16:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.03 16:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.03 16:47:14 | 018,045,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.03 16:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.03 16:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.12.03 16:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.12.03 16:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.12.03 16:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.03 16:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.03 16:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.03 16:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.03 16:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.12.03 16:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.03 16:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.03 16:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.12.03 16:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.03 16:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.03 16:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.12.03 16:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files Created - No Company Name ==========
 
[2012.12.26 21:26:55 | 000,550,017 | ---- | C] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.12.23 20:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.23 20:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.23 20:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.23 20:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.23 20:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.01 10:32:26 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.30 17:06:11 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2012.03.30 17:06:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll
[2012.03.30 17:06:11 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.30 16:48:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2012.03.30 16:48:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2011.12.17 14:37:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.17 14:33:15 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.05.06 20:40:15 | 000,000,017 | ---- | C] () -- C:\Users\Amalia\AppData\Local\resmon.resmoncfg
[2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 27.12.2012 11:19:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,12% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 254,39 Gb Free Space | 84,80% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0153A012-A83E-4696-93EF-78471954BE3D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0330F4DD-7DC8-47CD-BB7D-8EFD361D44E6}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | 
"{041D5C64-2301-4DA7-AE60-7ECBB0A7E1A8}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{0623118B-7FF0-438A-88E8-4B1A4AD3E3A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07E29018-88DC-403F-97E7-D7C22B74F33B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{149481D4-C49E-4031-9BF3-01FE7E66E968}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14E1BC27-7CD1-4011-BB0C-EB9C530B0758}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{19573F3A-593F-4D5F-A520-9EBE61D74F5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{1B8BC06A-BC29-40A8-8F82-DF3EDD9C0458}" = rport=139 | protocol=6 | dir=out | app=system | 
"{20B27E73-9F5E-47B2-B3E8-A928BBFA00B0}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{218B14D2-5AC2-443B-8152-C07D82863621}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22C75A9E-6205-4C63-A598-27704B7F0A3E}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{248FB794-2CA9-46E3-ABDB-949E0618F5B2}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{266F16B1-A4F4-4713-92D3-341ED8D8D2B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2BA1623C-3221-400C-9AA9-2BEA5977B155}" = lport=443 | protocol=6 | dir=in | app=system | 
"{2D1843E7-CD9B-43DD-8486-E65B0FC6A537}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2EBAE9E9-281A-48D2-B12D-13A334B5D7BF}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{304D6EA1-F228-41E4-9B12-E1CE9F38A887}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | 
"{309B415C-2AA2-4E83-9C0D-168EE44D3ACA}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{3299CA7B-C5A3-431C-B7C2-B796A5A4BC78}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3561E932-B6A7-44B9-969B-4AFA037B8F11}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3806DFE1-DA05-4157-9EE0-F3E0A723F28C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3CAA85A2-38DB-466A-802F-4F9B968D0846}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{44525CC5-1424-4876-B102-6A92F660E67D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{49C9DC27-29C6-4049-A1F4-5ABD7B57ACC4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{500902F4-B382-4F1C-AC50-6D5EB803B7E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59D6DDC3-F6CA-4D84-A614-85D988302C1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F52CDC9-04D8-4610-AC86-3B8FC879867C}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{6DA2723E-1658-495F-BE1F-3D421C96A334}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{6E3893FB-313F-4358-B74A-8B4BE81EADE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{70F4E74B-4E15-4BED-B4C1-1B2A1C1FAEDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7166D1F6-82B8-4A4D-B68D-D189DD241CE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{72DE9C05-95DD-41F6-AAD4-FCCCF8F96EF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{791F1B98-BC4C-4C9A-816A-A03C62452130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7AA3A99F-9E96-4FFD-89EF-72C757A38E26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8146E82A-037B-41CC-8611-69DA711CE05C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{815E0B4E-6B6F-4EB7-A077-065D0AE82D33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{82858F5A-39D4-41AC-833D-FE8E6C8EA69F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{837AE6B8-85F0-4761-9EFE-6B7A32B99879}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{85D8634D-8310-4ED5-AD96-DD2508B0A826}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | 
"{8B88D51A-8192-4E08-B1C1-970C1810D0F1}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{8D36CD8E-9FB2-4781-A34E-AFED3F921D80}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{8D8E4621-FCCD-468F-A712-729077152CAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E84F65E-6B11-40BA-ADE9-A3D2CF36FF7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9401BCD8-8C34-45C9-9356-9DD36CF3CE28}" = lport=445 | protocol=6 | dir=in | app=system | 
"{94286CC8-4494-4402-8A4E-C82DA8A8A6BA}" = lport=80 | protocol=6 | dir=in | app=system | 
"{9D4214AF-0F44-41EF-BD4E-C8E457130C82}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D8BB10D-32A4-450C-906F-93A0B0BE37F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A2615FC9-682C-43F4-B309-14B13FEDDF34}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | 
"{A54902FE-B6BA-484E-920B-0F4EED2B74C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A83F7ABD-EC45-4695-92E8-66A00A64E33D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AAA54C37-E5A5-478E-9415-7E93CCC7748E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADEEC9D1-BDCB-41D6-91AC-F3648B4C725C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B0CC6AD2-794D-44ED-B645-AC7F183FFCAD}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{B0F51A19-F62C-4309-BB66-1E2D820F69B2}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | 
"{B2D92BC4-8ACE-4D83-9190-0E95653C59FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{B4FE0105-FC18-49D2-BC63-B6709865656A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B637CAE5-826D-4072-BF66-B85FA857039B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{BEFE314B-7C55-44A6-AF4F-1EE72E365E29}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{BFF9C548-0A07-482D-94CB-3D8F21B5D6EE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{C244656D-7439-4A1C-B7B8-733E6E69E171}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CE9ECF38-777C-4311-AF19-F8E54D71BA64}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe | 
"{D48AF527-2134-4669-A304-C15749B74A4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{D5DBC691-4F5F-4B38-90E3-890D1308EB98}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{D7DA73AF-8321-42E1-856E-C3ED0B06568A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8DF24ED-CBB3-4D0C-B107-A2ACD9E7AFD4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{E9505B57-97F0-4312-8879-971E5B5B738D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFD79D64-E4EE-460D-8337-0E4FCEBDA78D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{F3A50E6E-4DB5-4FF6-AFF9-04FC21574420}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe | 
"{F77D1206-A014-4DAA-AAFE-8A4F72D6E540}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FCB2D2CC-C05C-4A38-9609-1F42D04068DA}" = lport=3390 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03240E39-F716-44A3-87B1-897C9CD34456}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{055C56C2-1D73-4654-8E6F-41D34F14B94A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0819228A-A41F-4227-B204-A5348C8394D0}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{0BC6B742-4A87-486A-91D2-E811C23C0564}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0D9BBFCF-892B-4323-A7C4-5BDF900F3565}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{0EDF796C-2C75-487E-AAE8-D582A9FE5936}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1063A553-E15E-454D-B6B2-4591FDD06FB0}" = dir=in | app=c:\users\amalia\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{1515667F-004B-425C-AEC3-1F7126B0777D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{16B854BA-470B-4AB8-A4D5-70C6BD7A922D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{230EF796-44FA-4328-872F-7A0A806A730C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{35898413-ABB5-49F0-BB7B-CC7D12C38EDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3D43A713-4EF1-44BC-9F51-F936345A7F43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46EE5822-9ABF-4343-A9DB-9354797FF97D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4885A0F5-6C25-465A-815D-3E39F2C9F612}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C42C775-3A92-4A29-A5D0-8D1B4F6A7B6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{4DF7099D-304B-40BF-A87D-568B34570538}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4F42BCF2-E5AB-4B65-85C3-FC32C88E4703}" = protocol=17 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe | 
"{551EC3D8-183A-4BAB-AA0F-C69B4059910D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60DF8CD5-3B50-406A-AFE8-4EEBA0CC4E7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6517C735-F645-4F38-B41F-CF135468A0A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6B66D56B-6471-4B0D-9136-B911DD136F37}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{73754468-5626-466F-8DF3-561DFEE74C95}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{73E895F3-6123-436F-8FFF-392B00B55E73}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{748F7FED-22C3-4125-9DE9-E9E6A8F54D8C}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe | 
"{85210534-D8EF-41E3-903B-FC5EF0C52CAB}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{8A7A1888-EEED-4ED7-86B6-203A3B4BBF86}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe | 
"{8DBDBD99-06FB-433F-B82D-58CA537FF081}" = protocol=6 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe | 
"{8E2184A5-78DA-4CAF-83C9-3ACB5091871C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{930ADC0C-DEC8-48CB-A266-D91FD8C23993}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe | 
"{980E0017-9691-452E-BF9B-4D1350E70E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{9833404E-5ACA-40F1-A695-E1355ACE0D16}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe | 
"{98A7174F-C07D-4A3F-A002-F8B69F90E8BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{9A22EE72-9CDE-477D-B8E9-FB6A2CCFD259}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A11FB719-EA23-41FD-BAAD-43C2AD22776E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1E7B5A2-1370-457B-A76F-BE539599BA31}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A5C5D733-1917-4E51-9E76-57E38F464AB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A690EA88-792A-4D29-A9C8-E6B8C5A41503}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A71020A5-F5CC-491D-ADED-F0C43163B127}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe | 
"{A7E27397-D614-4E6C-B043-8F8D3181F1FE}" = protocol=47 | dir=in | app=system | 
"{A980C34B-FDE5-493D-B91C-E70744267DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{AC29A4A7-075D-461C-9F87-47AE8B943BE9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{BE6AE44B-EAC9-409B-AC42-0A7B556C91E3}" = protocol=47 | dir=out | app=system | 
"{BF24DD6B-62ED-41F4-811F-FBFF7E101301}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C4137874-5E55-4332-9BAA-71FB741ED727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0E5D289-E0D7-4564-88A6-44D7FEBE32D9}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe | 
"{E2E68302-31CD-408F-8B7A-1B9C9FE03BED}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E715E7AE-E284-4265-82A9-9EE6CACEF974}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2F77838-0429-4CDD-926C-70056F8A41B6}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{F6545452-E63C-4768-9AD9-732A0B958EFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{FC683782-83E5-4DC3-A149-5538A8F9A2B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"TCP Query User{22B2BEE1-CACE-4E22-BFE7-A3ED87E8678E}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{2AFEEEE3-8D60-424E-8EC0-F35F7B620F3B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=6 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe | 
"TCP Query User{9D30C3DE-380F-4389-9EE3-7EEA74F6DC9E}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=6 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe | 
"UDP Query User{2E638314-4640-4767-A053-D185FAF51186}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=17 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe | 
"UDP Query User{4119BB55-74C8-4553-B8F0-4D1E74E35C73}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{E6BF811A-3B5A-4F3E-B259-1965C75B312B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=17 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Don't Get Angry! 2_is1" = Don't Get Angry! 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Haushaltsbuch2" = Softwarenetz Haushaltsbuch2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.12.2012 12:54:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 6d0    Startzeit: 
01cde064e0341710    Endzeit: 94    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 38124a61-4c58-11e2-b41d-00199977be0c  
 
Error - 22.12.2012 12:55:01 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c38    Startzeit: 
01cde064fcf6bb00    Endzeit: 62    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 512ff291-4c58-11e2-b41d-00199977be0c  
 
Error - 22.12.2012 15:32:21 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11fc    Startzeit:
 01cde07aff676ec8    Endzeit: 124    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 4c0d8079-4c6e-11e2-b41d-00199977be0c  
 
Error - 23.12.2012 02:02:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 17.0.0.4703 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3dc    Startzeit: 01cde0d2a24521b0    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: 4d738c71-4cc6-11e2-9e41-00199977be0c

 
Error - 23.12.2012 02:54:22 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0023000a  ID des fehlerhaften
 Prozesses: 0xc6c  Startzeit der fehlerhaften Anwendung: 0x01cde0da5467c6c0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 940e0e60-4ccd-11e2-9e41-00199977be0c
 
Error - 23.12.2012 04:12:38 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f0c    Startzeit: 
01cde0e52f473d98    Endzeit: 172    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 81c0d369-4cd8-11e2-9e41-00199977be0c  
 
Error - 23.12.2012 04:13:26 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ce8    Startzeit: 
01cde0e547fc0a08    Endzeit: 125    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 9ea007d9-4cd8-11e2-9e41-00199977be0c  
 
Error - 23.12.2012 04:16:21 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: IEButtonAmazonInterface.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x06ad9587  ID des fehlerhaften Prozesses: 0x49c  Startzeit der fehlerhaften Anwendung:
 0x01cde0e5999e4358  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: IEButtonAmazonInterface.dll  Berichtskennung:
 0806d968-4cd9-11e2-9e41-00199977be0c
 
Error - 23.12.2012 14:44:54 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0xe1c  Startzeit der fehlerhaften Anwendung: 0x01cde0ed8efd1ca0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 d70c4444-4d30-11e2-9170-00199977be0c
 
Error - 26.12.2012 02:44:48 | Computer Name = Amalia-PC | Source = MsiInstaller | ID = 11609
Description = 
 
[ System Events ]
Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 16.12.2012 16:11:11 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 23.12.2012 15:16:14 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.12.2012 15:20:42 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 23.12.2012 15:22:33 | Computer Name = Amalia-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 23.12.2012 15:23:41 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.12.2012 09:10:23 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%1115
 
Error - 27.12.2012 06:12:36 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >

cosinus · 27.12.2012, 11:35

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Mamalia · 27.12.2012, 12:19

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amalia :: AMALIA-PC [Administrator]

Schutz: Aktiviert

27.12.2012 12:16:59
mbam-log-2012-12-27 (12-16-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233722
Laufzeit: 1 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 27.12.2012, 12:47

Ok, wie weit ist ESET?

Mamalia · 27.12.2012, 12:57

eset läuft seit ner halben stunde, müsste bald fertig sein (bin grad am 2. pc)

endlich, nach 3:45 std scan:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f5019ac5a4f9df4f9017c708ba9ccf56
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-27 03:07:55
# local_time=2012-12-27 04:07:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 76395 222044165 69176 0
# compatibility_mode=5893 16776573 100 94 70809 108250725 0 0
# scanned=203217
# found=23
# cleaned=0
# scan_time=13444
C:\Qoobox\Quarantine\C\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe.vir	Win32/Spy.Zbot.AAO trojan (unable to clean)	B88D2173ABFA6CC544221630A8B7C12DDB7327D9	I
C:\Users\Amalia\Downloads\Cossacks_EW_Setup.exe	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	D9417E91B5FFC969C116C9EA4D36086CDDC04495	I
D:\AMALIA-PC\Backup Set 2012-05-20 190003\Backup Files 2012-05-20 190003\Backup files 8.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	2F3CA554E089DA167F6F62F6A27FD14D7F348E21	I
D:\AMALIA-PC\Backup Set 2012-06-03 190002\Backup Files 2012-06-03 190002\Backup files 8.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	F8EB9860B54D71CB06D21A2E354268B21D06E116	I
D:\AMALIA-PC\Backup Set 2012-06-10 190002\Backup Files 2012-06-10 190002\Backup files 4.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	8FF4131EC4F994CA01B6FCFE8839182D76C4667B	I
D:\AMALIA-PC\Backup Set 2012-06-24 190004\Backup Files 2012-06-24 190004\Backup files 8.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	542681799BF1819184A4FE75B0F41E93181490AA	I
D:\AMALIA-PC\Backup Set 2012-07-01 190002\Backup Files 2012-07-01 190002\Backup files 6.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	3CD0177450E25FE78A06A89FE3C595A87BE19DD1	I
D:\AMALIA-PC\Backup Set 2012-07-15 190002\Backup Files 2012-07-15 190002\Backup files 2.zip	multiple threats (unable to clean)	2BCF146F33044807A6FC7650F0E52DF782C0ADD2	I
D:\AMALIA-PC\Backup Set 2012-07-15 190002\Backup Files 2012-07-15 190002\Backup files 4.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	797E1834D9D13288706AB4C79CBF70318E2BDA24	I
D:\AMALIA-PC\Backup Set 2012-08-05 190003\Backup Files 2012-08-05 190003\Backup files 7.zip	multiple threats (unable to clean)	AAF8372D7B4CC6065B65883353972BA603778523	I
D:\AMALIA-PC\Backup Set 2012-08-05 190003\Backup Files 2012-08-05 190003\Backup files 9.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	256077C03DF8B11BFCA3AC29A3176D94038AF456	I
D:\AMALIA-PC\Backup Set 2012-08-26 125942\Backup Files 2012-08-26 125942\Backup files 3.zip	multiple threats (unable to clean)	C9CAFDD32DBDF7CB00E28491874F89E42C25D791	I
D:\AMALIA-PC\Backup Set 2012-08-26 125942\Backup Files 2012-08-26 125942\Backup files 7.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	FAA06E329722B20286A8AA39CE96302E1D39BE56	I
D:\AMALIA-PC\Backup Set 2012-09-03 073438\Backup Files 2012-09-03 073438\Backup files 8.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	27D2287F25AF79731487643CA5D1C9E3613FE26D	I
D:\AMALIA-PC\Backup Set 2012-09-16 190002\Backup Files 2012-09-16 190002\Backup files 9.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	2AA464CCA56954CE2C5D8E5ACA030947158CA01D	I
D:\AMALIA-PC\Backup Set 2012-09-30 190004\Backup Files 2012-09-30 190004\Backup files 9.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	5488ADC38E410AB42232C9E43A1BFA10B334474F	I
D:\AMALIA-PC\Backup Set 2012-09-30 190004\Backup Files 2012-10-07 190009\Backup files 3.zip	JS/Exploit.Pdfka.PVN trojan (unable to clean)	62C5DB88A64A9B088FE3BF96A973D256DFFB734F	I
D:\AMALIA-PC\Backup Set 2012-10-14 190002\Backup Files 2012-10-14 190002\Backup files 9.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	F1D894236F86055969C7618654F81D07DA3331C5	I
D:\AMALIA-PC\Backup Set 2012-10-28 190005\Backup Files 2012-10-28 190005\Backup files 9.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	3BD5473CD4BE287B0EFC07F6D53F979283EE7E0F	I
D:\AMALIA-PC\Backup Set 2012-11-11 190003\Backup Files 2012-11-11 190003\Backup files 8.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	A7AB6F259B839A7FDFAE331ABBA1B00122EBAA65	I
D:\AMALIA-PC\Backup Set 2012-11-25 190003\Backup Files 2012-11-25 190003\Backup files 10.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	DAC96244D3C6E95B0806F0C7E0F1E7EEC7BC4807	I
D:\AMALIA-PC\Backup Set 2012-12-09 190003\Backup Files 2012-12-09 190003\Backup files 10.zip	a variant of Win32/Adware.ToolPlugin.A application (unable to clean)	2288174457264E451F92B839A1181513411FF298	I
D:\AMALIA-PC\Backup Set 2012-12-09 190003\Backup Files 2012-12-23 190003\Backup files 1.zip	Win32/Spy.Zbot.AAO trojan (unable to clean)	E0C10316869DAF5B72ADFF71CD8ED7AE027D549E	I

scheint wohl doch noch etwas mehr gefunden zu haben

26.12.2012, 21:15	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus "Deutsche Post" Aufforderung zur Sendungsabholung Tur mir ja echt Leid, aber es gibt wieder eine neue Version vom adwCleaner Bitte wieder neu runterladen und ein neues Suchlog machen __________________ Logfiles bitte immer in CODE-Tags posten

27.12.2012, 10:56	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus "Deutsche Post" Aufforderung zur Sendungsabholung Wie weit ist OTL? __________________ Logfiles bitte immer in CODE-Tags posten

27.12.2012, 11:16	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus "Deutsche Post" Aufforderung zur Sendungsabholung Sehr schön Mach bitte ein neues Log mit OTL wie gehabt zur erneuten Kontrolle __________________ Logfiles bitte immer in CODE-Tags posten

27.12.2012, 12:47	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus "Deutsche Post" Aufforderung zur Sendungsabholung Ok, wie weit ist ESET? __________________ Logfiles bitte immer in CODE-Tags posten

Virus "Deutsche Post" Aufforderung zur Sendungsabholung

Log-Analyse und Auswertung: Virus "Deutsche Post" Aufforderung zur Sendungsabholung