Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
trojan.ransom und PUM-UserWLoad

trojan.ransom und PUM-UserWLoad


Plagegeister aller Art und deren Bekämpfung: trojan.ransom und PUM-UserWLoad

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 29.01.2013, 00:51   #1
Dexteron
 
trojan.ransom und PUM-UserWLoad - Standard

trojan.ransom und PUM-UserWLoad


Sehr geehrter Trojaner-Board Mensch, welcher sich dieses Themas annehmen wird ,
ich habe auf meinem Pc die beiden Plagegeister trojan.ransom und PUM.UserWLoad. Malwarebytes bekommt die beiden nicht weg, und aswMBR stürzt immer ab..
Ich hoffe mir ist noch zu helfen, aber ich weiß ja dass ihrs drauf habt

Soo nun die gewünschten Infos:
OTL.txt
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 28.01.2013 23:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 45,13% Memory free
4,15 Gb Paging File | 2,88 Gb Available in Paging File | 69,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,94 Gb Total Space | 36,07 Gb Free Space | 25,96% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,94 Gb Free Space | 49,41% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.28 23:13:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.01.16 21:09:18 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.30 16:26:37 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2010.12.21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Programme\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.06.03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.11.21 16:23:41 | 002,195,720 | ---- | M] () -- c:\Users\***\Documents\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2008.10.04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.09.23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.08.15 22:03:50 | 004,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Programme\Dell Video Chat\DellVideoChat.exe
PRC - [2008.07.17 13:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.07.17 13:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.07.17 13:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.07.17 13:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.07.17 11:23:04 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.07.17 11:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe
PRC - [2008.07.17 11:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe
PRC - [2008.07.09 14:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.07.04 14:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.16 21:09:33 | 003,022,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.01.12 23:20:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.10 20:50:19 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\439eccf3a1fb34830a0a38cdf48afa08\System.Web.Services.ni.dll
MOD - [2013.01.10 20:50:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:48:58 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll
MOD - [2013.01.10 20:48:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.10 20:48:09 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.10 20:47:28 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:47:09 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 20:41:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 20:39:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.07.07 09:24:00 | 000,369,904 | ---- | M] () -- C:\Programme\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.07.07 09:24:00 | 000,268,528 | ---- | M] () -- C:\Programme\Dell DataSafe Online\SdbShared.dll
MOD - [2009.07.07 09:24:00 | 000,140,528 | ---- | M] () -- C:\Programme\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.07.07 09:24:00 | 000,095,472 | ---- | M] () -- C:\Programme\Dell DataSafe Online\SdbUI.dll
MOD - [2009.07.07 09:24:00 | 000,062,704 | ---- | M] () -- C:\Programme\Dell DataSafe Online\de\SdbShared.resources.dll
MOD - [2009.07.07 09:24:00 | 000,046,320 | ---- | M] () -- C:\Programme\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.07.07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Programme\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.07.07 09:23:00 | 000,017,648 | ---- | M] () -- C:\Programme\Dell DataSafe Online\CppUtils.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.10.03 10:18:00 | 000,058,608 | ---- | M] () -- C:\Programme\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008.08.15 22:00:54 | 006,510,416 | ---- | M] () -- C:\Programme\Dell Video Chat\QtGui4.dll
MOD - [2008.08.15 22:00:54 | 001,657,168 | ---- | M] () -- C:\Programme\Dell Video Chat\QtCore4.dll
MOD - [2008.08.15 22:00:54 | 000,396,112 | ---- | M] () -- C:\Programme\Dell Video Chat\QtOpenGL4.dll
MOD - [2008.08.15 22:00:54 | 000,366,928 | ---- | M] () -- C:\Programme\Dell Video Chat\QtNetwork4.dll
MOD - [2008.08.15 22:00:54 | 000,026,960 | ---- | M] () -- C:\Programme\Dell Video Chat\SDL.dll
MOD - [2008.08.05 13:16:20 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.12.18 12:19:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.11.21 16:23:41 | 002,195,720 | ---- | M] () [Auto | Running] -- c:\Users\***\Documents\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.10.04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008.09.23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.07.17 11:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe -- (STacSV)
SRV - [2008.07.17 11:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.09.22 09:27:02 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008.09.22 09:27:00 | 000,277,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.08.05 13:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.07.28 10:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008.07.18 09:33:42 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.07.17 13:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.07.17 11:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.07.03 09:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008.07.03 09:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.07.03 09:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.05.29 12:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4081218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{03_TL-TELEFONBUCH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{04_TL-AMAZON-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{05_TL-EBAY-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08_TL-OTTO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{09_TL-CLIPFISH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{10_TL-MYVIDEO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=DD539484-EC47-4291-9EC1-E3D1FD34ACD5
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.01.28 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.28 22:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2008.12.23 21:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.28 19:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\qnxwygcp.default\extensions
[2012.02.05 20:07:32 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.01.28 23:00:51 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\searchplugins\icqplugin-4.xml
[2012.09.25 16:07:08 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\searchplugins\icqplugin-5.xml
[2011.04.17 15:13:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\searchplugins\icqplugin-6.xml
[2009.06.17 13:27:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\searchplugins\icqplugin-7.xml
[2010.01.07 13:53:23 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\searchplugins\icqplugin-8.xml
[2010.03.05 23:44:16 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\qnxwygcp.default\searchplugins\icqplugin-9.xml
[2013.01.28 22:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.facebook.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BearShare] "C:\Programme\BearShare.exe" /pause File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon File not found
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ClipIncSrvTray] "c:\Users\***\Documents\Tobit ClipInc\Player\ClipIncTray.exe" File not found
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msoyorxw.com) -  File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19291416-641F-46D0-89EE-44B4BBEC32F8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83C9372E-6FC4-4AE8-AF43-BE71E51B7D1E}: DhcpNameServer = 10.72.0.68 10.72.0.69
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6701753b-3fb0-11e1-abeb-002219dae286}\Shell - "" = AutoRun
O33 - MountPoints2\{6701753b-3fb0-11e1-abeb-002219dae286}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7a891983-643b-11e0-aa45-002219dae286}\Shell - "" = AutoRun
O33 - MountPoints2\{7a891983-643b-11e0-aa45-002219dae286}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9420fd63-2391-11df-baf4-002219dae286}\Shell - "" = AutoRun
O33 - MountPoints2\{9420fd63-2391-11df-baf4-002219dae286}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.28 23:17:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.28 23:13:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.28 23:09:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Desktop
[2013.01.28 20:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.01.28 20:27:59 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.01.28 20:27:57 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.01.28 20:27:49 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.01.28 20:27:48 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.01.28 20:27:45 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.01.28 20:27:37 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.01.28 20:26:52 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.01.28 20:26:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.01.28 20:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.01.28 20:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.01.28 18:29:08 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.01.28 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013.01.28 18:25:50 | 010,747,936 | ---- | C] (McAfee Inc.) -- C:\Users\***\Desktop\Stinger1020964.exe
[2013.01.28 17:57:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.27 17:47:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.27 17:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.27 17:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.27 17:46:55 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.27 17:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.27 17:43:49 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2013.01.26 21:03:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus
[2013.01.26 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\***\Local Settings
[2013.01.26 17:14:50 | 000,000,000 | RHSD | C] -- C:\Users\***\46357865364647353
[2013.01.20 21:05:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\20. januar
[2013.01.14 21:53:25 | 000,000,000 | ---D | C] -- C:\output
[2013.01.07 16:54:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silvester '12,'13
[2013.01.06 16:23:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\neu entwickeln
[2013.01.06 12:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.01.05 14:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.05 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.05 14:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.05 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.02.27 14:25:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeDD84.dll
[2009.01.24 12:52:53 | 008,270,752 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.28 23:17:54 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.28 23:13:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.28 23:13:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.28 23:09:34 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.28 22:57:22 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.28 22:54:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2954114490-868814565-2715574302-1000UA.job
[2013.01.28 22:30:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 22:30:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 22:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.28 22:30:41 | 2104,340,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.28 20:28:01 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.28 20:27:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.01.28 20:18:48 | 097,495,576 | ---- | M] () -- C:\Users\***\Desktop\avast_free_antivirus_setup.exe
[2013.01.28 19:03:06 | 000,007,052 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2013.01.28 18:46:48 | 000,000,040 | RH-- | M] () -- C:\Users\***\Desktop\Stinger1020964.opt
[2013.01.28 18:29:08 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.01.28 18:27:06 | 010,747,936 | ---- | M] (McAfee Inc.) -- C:\Users\***\Desktop\Stinger1020964.exe
[2013.01.28 17:59:19 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.27 21:15:16 | 000,000,082 | ---- | M] () -- C:\Users\***\Desktop\regsicherung1.reg
[2013.01.27 17:49:45 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.27 17:49:45 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.27 17:49:45 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.27 17:49:44 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.27 17:47:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.27 17:38:15 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Roaming\winsvcns.sys
[2013.01.27 00:31:15 | 000,151,040 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.26 16:54:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2954114490-868814565-2715574302-1000Core.job
[2013.01.24 18:07:24 | 000,002,049 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.01.10 20:32:12 | 000,358,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.05 14:14:50 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.28 23:13:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.28 23:09:33 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.28 22:57:22 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.28 20:28:01 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.28 20:19:24 | 097,495,576 | ---- | C] () -- C:\Users\***\Desktop\avast_free_antivirus_setup.exe
[2013.01.28 18:46:48 | 000,000,040 | RH-- | C] () -- C:\Users\***\Desktop\Stinger1020964.opt
[2013.01.27 21:15:16 | 000,000,082 | ---- | C] () -- C:\Users\***\Desktop\regsicherung1.reg
[2013.01.27 17:47:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.26 17:14:50 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Roaming\winsvcns.sys
[2013.01.06 12:51:36 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.01.05 14:14:50 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.05 13:46:49 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.05 13:46:49 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2010.08.27 19:16:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.02 10:03:51 | 000,007,052 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.01.01 15:47:31 | 000,012,802 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.12.22 20:45:52 | 000,151,040 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.02 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.09.14 21:22:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.01.13 15:51:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen
[2011.01.22 15:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.11.07 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.05.10 16:27:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ-Tools.de
[2012.02.03 17:04:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\McLoad
[2009.11.26 15:49:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.02.27 14:32:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.02.27 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2009.05.16 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\soul.im
[2013.01.27 22:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2009.01.01 15:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.01.24 13:56:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

[/CODE]
Extras.txt:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.01.2013 23:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 45,13% Memory free
4,15 Gb Paging File | 2,88 Gb Available in Paging File | 69,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,94 Gb Total Space | 36,07 Gb Free Space | 25,96% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,94 Gb Free Space | 49,41% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0193599F-D286-437D-BE28-EE8687E539A8}" = protocol=17 | dir=in | app=c:\users\***\documents\tobit clipinc\server\clipinc-server.exe | 
"{169CB9B0-6293-4B42-8965-88E746E81A5B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{25094CC9-3117-466D-B30F-17CD60DD71A6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{2D131686-A82A-425E-85F4-D3E69AB502D4}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{36E80D42-1135-4778-9360-86B010BF6E20}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{38EE09DF-74A3-491A-BB3E-D15CAC70604A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3D3EB8EF-E2CF-477F-BBB3-3D791ACF9BD9}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{401C132D-37E7-4710-AE08-350C1C6312C4}" = protocol=6 | dir=in | app=c:\users\***\documents\tobit clipinc\player\clipinc-player.exe | 
"{4F0497BB-E158-483C-B80A-B12C2A1959DA}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{51C07114-70E6-4BB6-BB2C-1C5F15722364}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{520F910E-5B5E-49CC-9D79-32D870DFC4F0}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{52CB8223-29DA-4C77-B3DE-C4ACBF571A29}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{6E6AE7EE-3FF5-421A-B1ED-1FBAE98879BD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{75215738-9DEC-47D8-96FA-C351583104F7}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{7F99E6BF-B926-4CE7-98A7-205E80EE6E1A}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | 
"{93B34AD7-862B-49E5-B9D7-175B96BC6275}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{A33E742B-ADAC-4FCE-8657-6520CE853E00}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{A787C78F-D9CA-4503-BBC2-F477329FC941}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{A7EDC12D-CE2A-4B48-B962-BA9C09DA5268}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A801A895-7F88-4485-800B-7F4F5F10109B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{B21B8369-61FE-4CCB-98A5-7D55ADA106AA}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | 
"{C8408309-A2B5-449D-B03C-7B16CB5662DB}" = protocol=17 | dir=in | app=c:\users\***\documents\tobit clipinc\player\clipinc-player.exe | 
"{C8600089-62EF-43C7-9EC9-47A1F3998E9C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{CBD0EEC1-C77E-4556-BD93-0EB46C49D8FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D33D4A53-473E-46D7-BBB1-3ABD9DBCEB45}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D4B80F55-2618-46EE-8CC7-F8E8B28F761C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D6FC7C22-7D54-4223-99B0-6A634A8D281F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9673F35-E3E4-449B-9808-414DB71AB664}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{EAF36134-AE48-42B7-B329-4B014FD6BDEC}" = protocol=6 | dir=in | app=c:\users\***\documents\tobit clipinc\server\clipinc-server.exe | 
"{EE5CEE0C-5DDE-40F5-9312-D1E64A547B9D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{FE2F7BA3-7478-4672-9C69-650BDA5DF11A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{068F327B-A01D-4F74-A8C8-BD94FB98B5A0}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{12BF817C-3DD2-4E6A-A9A6-FB8003D1726E}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{7430097C-6260-4092-88BA-EACDDEF1F9BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{C2344A26-DA2B-4600-962D-8DAD475BDAB1}C:\program files\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare.exe | 
"UDP Query User{39502BB1-A278-4B48-BF7E-967E701C384E}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{5EA6FA3C-7CEA-4CA2-B3E1-9D1354EAC193}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{71CEC233-17A2-4BF2-9099-F8ADB685A4E9}C:\program files\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare.exe | 
"UDP Query User{ADB6D6BB-A86E-4586-9D9A-B34D1C40B111}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{638EBB3E-04BC-40DB-9176-DDEC2C5CB2BC}" = ArcSoft MediaConverter 2.5
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{948A3F91-22EE-4E24-B4E0-BADB972357F4}" = Print Creations
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C833C7B6-1140-471D-932B-391B5CA66D7D}" = Digital Video
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"avast" = avast! Free Antivirus
"BearShare MediaBar" = MediaBar 2.0
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.03.01.0825)  
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 1692] [2007-12-09]
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GeoGebra" = GeoGebra
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McLoad Preinstaller" = McLoad Preinstaller
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MSOffice" = Microsoft Office Professional
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PrintKey2000" = PrintKey2000
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.10
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.01.2013 12:03:46 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 12:31:49 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 13:14:20 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aswMBR.exe, Version 0.9.9.1707, Zeitstempel 
0x509be8bf, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9,  Prozess-ID 0x17a8, Anwendungsstartzeit
 01cdfd78e670fdf2.
 
Error - 28.01.2013 13:21:29 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aswMBR.exe, Version 0.9.9.1707, Zeitstempel 
0x509be8bf, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000665c9,  Prozess-ID 0x1c4, Anwendungsstartzeit
 01cdfd7b0bf2d1f2.
 
Error - 28.01.2013 14:01:43 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 14:39:40 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 15:03:12 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 16:33:50 | Computer Name = ***-Laptop | Source = EventSystem | ID = 4621
Description = 
 
Error - 28.01.2013 16:38:20 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 17:32:21 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 25.11.2012 16:51:51 | Computer Name = ***-Laptop | Source = WLAN-Tray | ID = 0
Description = 21:51:51, Sun, Nov 25, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 19.01.2013 18:05:26 | Computer Name = ***-Laptop | Source = WLAN-Tray | ID = 0
Description = 23:05:26, Sat, Jan 19, 13 Error - User "" does not have administrative
 privileges on this system 
 
[ System Events ]
Error - 14.10.2010 17:03:33 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 15.10.2010 05:09:01 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 15.10.2010 05:11:48 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.10.2010 18:33:07 | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 16.10.2010 05:59:45 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 16.10.2010 06:02:29 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.10.2010 17:38:32 | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 17.10.2010 12:42:06 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 17.10.2010 12:46:18 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 18.10.2010 06:48:10 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
--- --- ---


[/CODE]

Edit: Gmer- Log passt wegen zeichenbeschränkung nicht mehr rein. Damit das Thema nicht gepusht ausschaut, reiche ich das Log dann nach.

Und vielen Herzlichen Dank schonmal im Vorraus ))

 

Themen zu trojan.ransom und PUM-UserWLoad
antivirus, aswmbr, autorun, avast, bho, bonjour, defender, error, firefox, flash player, format, home, homepage, install.exe, logfile, mozilla, mp3, ntdll.dll, plug-in, registry, rundll, scan, security, senden, server, software, spotify web helper, trojaner-board, udp, vista, wickel, wlan


« RUNDLL Fehler beim laden von c:\program .... | GVU Trojaner eingefangen »


Ähnliche Themen: trojan.ransom und PUM-UserWLoad


  1. PUM.UserWLoad und Trojan.Ransom kann nicht entfernt werden!
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (19)
  2. Trojan.Ransom, Pum.userWload, PuP.Keygm.Intro
    Log-Analyse und Auswertung - 09.09.2013 (23)
  3. Windows 7 , 64Bit: Malwarebytes findet PUM.UserWLoad und Trojan.Ransom
    Log-Analyse und Auswertung - 09.09.2013 (14)
  4. WIN 7: Malwarebytes Anti-Malware meldet "PUM.UserWLoad" & "Trojan.Ransom"
    Log-Analyse und Auswertung - 04.09.2013 (21)
  5. PUM.UserWLoad & Trojan.Ransom - "schrauber"
    Lob, Kritik und Wünsche - 15.07.2013 (0)
  6. PUM.UserWLoad & Trojan.Ransom von Malwarebytes in Reg gefunden
    Log-Analyse und Auswertung - 14.07.2013 (13)
  7. Trojan.Ransom.SUGen/PUM.Hijack.StartMenu/und Trojan Ransom
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (2)
  8. PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (24)
  9. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  10. Bei einem Virencheck pum.userwload und trojan.ransom gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (9)
  11. PUM.UserWload, Trojan.Ramson und TR/Spy.Banker.Gen2
    Log-Analyse und Auswertung - 03.03.2013 (11)
  12. pum.userwload, trojan.agent und trojan.ransom gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (10)
  13. Trojaner: Ransom und PUM.UserWLoad
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (30)
  14. PUM.UserWLoad und Trojan.Agent auch hier
    Plagegeister aller Art und deren Bekämpfung - 06.02.2013 (9)
  15. 2 Funde Trojan.Ransom.SUGen Trojan.Ransom
    Plagegeister aller Art und deren Bekämpfung - 10.12.2012 (15)
  16. BKA-Virus, PUM.UserWLoad, Trojan.Delf, Trojan.Ransom.Gen, alles auf einmal
    Log-Analyse und Auswertung - 18.11.2012 (23)
  17. TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)
    Log-Analyse und Auswertung - 20.07.2012 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema trojan.ransom und PUM-UserWLoad - Sehr geehrter Trojaner-Board Mensch, welcher sich dieses Themas annehmen wird , ich habe auf meinem Pc die beiden Plagegeister trojan.ransom und PUM.UserWLoad. Malwarebytes bekommt die beiden nicht weg, und aswMBR - trojan.ransom und PUM-UserWLoad...
Archiv
Du betrachtest: trojan.ransom und PUM-UserWLoad auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27