Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Java/Treams.JO in Quarantäne, PC wieder sicher?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 13.02.2013, 13:17   #1
Hugomatic
 
Java/Treams.JO in Quarantäne, PC wieder sicher? - Standard

Java/Treams.JO in Quarantäne, PC wieder sicher?



Hallo zusammen,

Ich habe gestern bei einem Routinescan von Avira Internet Security 2012 in meinem Temp Ordner den Virus Java/Treams.JO entdeckt und in Quarantäne gesetzt.
Da ich nicht weiss was der macht und wo der herkommt wollte ich hier um Rat fragen wie ich mir sicher sein kann, dass mein PC nun wieder sicher benutzbar ist (wird u.A. für Banking, Einkäufe etc. verwendet, neu aufsetzen wäre aber eine mittlere Katastrophe ).

Kleine Anmerkung, Ich habe weder vor dem Avira Scan noch danach irgendeine Beeinträchtigung meines PCs durch den Virus gemerkt.

Ich habe nun schon in meinem Aktionismus ein paar Schritte gemacht, die hier im Forum unter http://www.trojaner-board.de/129212-...ereinigen.html beschrieben sind. Z.B. mbar, aswMBR, TDSS-Killer und adwCleaner. Während die ersten drei nichts besonderes gezeigt haben (deswegen kein Log im Beitrag), war adwCleaner ziemlich voll (wohl "Standardmüll", siehe gaaanz unten).

Ansonsten habe ich zu dem Virus garnix gefunden, nichtmal Avira hatte eine Beschreibung davon.

Hier die hoffentlich hilfreichen Logs:

Avira Log:
Code:
ATTFilter
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Dienstag, 12. Februar 2013  12:04

Es wird nach 4995143 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Holger Marten
Seriennummer   : 2220724714-ISECE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Hugomatic
Computername   : HUGOMATIC-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1197    48681 Bytes  11.10.2012 15:22:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  13.11.2012 17:59:36
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  15.05.2012 19:09:17
LUKE.DLL       : 12.3.0.15      68304 Bytes  15.05.2012 19:09:18
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  12.05.2012 13:01:31
AVREG.DLL      : 12.3.0.17     232200 Bytes  12.05.2012 13:01:31
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 12:57:26
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 12:58:05
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 12:58:47
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 12:59:00
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 12:59:12
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 08:06:08
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 11:07:18
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 16:07:53
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 12:11:51
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 12:11:52
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 12:11:52
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 12:11:52
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 12:11:52
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 08:11:34
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 08:11:35
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 16:11:31
VBASE016.VDF   : 7.11.60.178     2048 Bytes  11.02.2013 16:11:32
VBASE017.VDF   : 7.11.60.179     2048 Bytes  11.02.2013 16:11:32
VBASE018.VDF   : 7.11.60.180     2048 Bytes  11.02.2013 16:11:32
VBASE019.VDF   : 7.11.60.181     2048 Bytes  11.02.2013 16:11:32
VBASE020.VDF   : 7.11.60.182     2048 Bytes  11.02.2013 16:11:32
VBASE021.VDF   : 7.11.60.183     2048 Bytes  11.02.2013 16:11:32
VBASE022.VDF   : 7.11.60.184     2048 Bytes  11.02.2013 16:11:32
VBASE023.VDF   : 7.11.60.185     2048 Bytes  11.02.2013 16:11:32
VBASE024.VDF   : 7.11.60.186     2048 Bytes  11.02.2013 16:11:32
VBASE025.VDF   : 7.11.60.187     2048 Bytes  11.02.2013 16:11:32
VBASE026.VDF   : 7.11.60.188     2048 Bytes  11.02.2013 16:11:32
VBASE027.VDF   : 7.11.60.189     2048 Bytes  11.02.2013 16:11:33
VBASE028.VDF   : 7.11.60.190     2048 Bytes  11.02.2013 16:11:33
VBASE029.VDF   : 7.11.60.191     2048 Bytes  11.02.2013 16:11:33
VBASE030.VDF   : 7.11.60.192     2048 Bytes  11.02.2013 16:11:33
VBASE031.VDF   : 7.11.60.214   102400 Bytes  12.02.2013 10:11:28
Engineversion  : 8.2.10.250
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 11:05:15
AESCRIPT.DLL   : 8.1.4.88      471417 Bytes  08.02.2013 08:11:32
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 20:07:53
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 19:05:21
AERDL.DLL      : 8.2.0.88      643444 Bytes  11.01.2013 14:08:02
AEPACK.DLL     : 8.3.1.2       819574 Bytes  20.12.2012 16:07:59
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 16:06:44
AEHEUR.DLL     : 8.1.4.198    5751159 Bytes  08.02.2013 08:11:32
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 15:07:17
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 16:11:23
AEEXP.DLL      : 8.3.0.24      188787 Bytes  11.02.2013 08:11:36
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 11:05:14
AECORE.DLL     : 8.1.30.0      201079 Bytes  13.12.2012 20:07:51
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 16:06:35
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  15.05.2012 19:09:17
AVPREF.DLL     : 12.3.0.32      50720 Bytes  13.11.2012 17:59:36
AVREP.DLL      : 12.3.0.15     179208 Bytes  12.05.2012 13:01:31
AVARKT.DLL     : 12.3.0.33     209696 Bytes  13.11.2012 17:59:34
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  15.05.2012 19:09:17
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  15.05.2012 19:09:18
AVSMTP.DLL     : 12.3.0.32      63992 Bytes  01.08.2012 09:05:32
NETNT.DLL      : 12.3.0.15      17104 Bytes  15.05.2012 19:09:18
RCIMAGE.DLL    : 12.3.0.31    4819704 Bytes  01.08.2012 09:05:26
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  13.11.2012 17:59:31

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 12. Februar 2013  12:04

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_149_ActiveX.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFXHook32Mngr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFusionController.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'PerfTuneService.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlansrv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PBN.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienwareAlienFXController.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1737' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
  [0] Archivtyp: ZIP
  --> Asdf3cvR55.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pesur.BT.1
  --> fYGVBJHGHJH666.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dermit.GU.1
  --> kalibton.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Karamel.CC
  --> qDSJHFJHSDFGDSIKFJHD.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JM
  --> S2394834djskfh.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JN
  --> triton.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
  --> XLR.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
  --> ZHJGJG7778HGYU7Y8.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO

Beginne mit der Desinfektion:
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '564a9f93.qua' verschoben!


Ende des Suchlaufs: Dienstag, 12. Februar 2013  13:07
Benötigte Zeit: 58:09 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  28198 Verzeichnisse wurden überprüft
 726141 Dateien wurden geprüft
      8 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 726133 Dateien ohne Befall
   3760 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 563004 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugomatic :: HUGOMATIC-PC [Administrator]

Schutz: Aktiviert

13.02.2013 10:31:43
mbam-log-2013-02-13 (10-31-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380246
Laufzeit: 47 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:
Code:
ATTFilter
OTL logfile created on: 13.02.2013 12:09:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 75,72% Memory free
11,98 Gb Paging File | 10,14 Gb Available in Paging File | 84,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 202,60 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
 
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hugomatic\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
PRC - C:\Programme\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.74.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.74.0__bebb3c8816410241\AlienwareAlienFXTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.65.0__bebb3c8816410241\AlienLabsTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.65.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.74.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.74.0__bebb3c8816410241\AlienFX.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.74.0__bebb3c8816410241\AlienFX.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (DAUpdaterSvc) -- C:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV - (XTUService) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AWOPFilterDriver) -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh564.sys (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (smbusp) -- C:\Windows\SysNative\drivers\intelsmb.sys (Intel Corporation)
DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (IOCBIOS) -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys (Intel Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com [binary data]
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{57FEA219-F77E-4D8F-BBBF-74C3C6F4108C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39EBBF6C-D99A-4A24-A3CD-2B7C94F5A45F&apn_sauid=4F91A191-E256-45FD-85AD-2B5B98174300
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE358
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787314A1-2B24-4861-8134-B583E6FC6B01}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\World of Warcraft Setup.exe"
O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 11:59:51 | 000,000,000 | R--D | C] -- C:\Users\Hugomatic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.02.13 11:25:59 | 000,000,000 | ---D | C] -- C:\Logs
[2013.02.13 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Roaming\Malwarebytes
[2013.02.13 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Local\Programs
[2013.02.12 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 17:21:29 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\Desktop\mbar
[2013.02.03 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\.pdfsam
[2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
[2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 11:59:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 11:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 11:59:41 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 11:32:48 | 000,000,000 | ---- | M] () -- C:\Users\Hugomatic\defogger_reenable
[2013.02.13 11:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.12 17:43:21 | 000,034,875 | ---- | M] () -- C:\Users\Hugomatic\Documents\combofix.odt
[2013.02.12 17:13:47 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.12 17:13:47 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.12 17:13:47 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.12 17:13:47 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.12 17:13:47 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.02 16:22:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 11:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Hugomatic\defogger_reenable
[2013.02.12 17:43:19 | 000,034,875 | ---- | C] () -- C:\Users\Hugomatic\Documents\combofix.odt
[2012.09.10 15:55:03 | 000,060,304 | ---- | C] () -- C:\Users\Hugomatic\g2mdlhlpx.exe
[2012.09.10 13:03:38 | 004,129,378 | ---- | C] () -- C:\Users\Hugomatic\ProStation Manual.pdf
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.24 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.07.24 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.06.30 17:16:54 | 000,007,607 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\Resmon.ResmonCfg
[2010.02.18 18:08:37 | 000,000,097 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.28 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Canon
[2010.01.06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\CheckPoint
[2012.08.01 09:13:17 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\OpenOffice.org
[2010.07.13 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\ProtectDisc
[2011.11.04 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\PunkBuster
[2010.03.09 19:27:51 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Ubisoft
[2012.09.10 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\WH SELFINVEST
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:
Code:
ATTFilter
OTL Extras logfile created on: 13.02.2013 08:49:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,36 Gb Available Physical Memory | 72,82% Memory free
11,98 Gb Paging File | 9,89 Gb Available in Paging File | 82,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 205,25 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
 
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FE80F0-1DCB-4434-A071-B24CBB9C96C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{038164F5-F02D-4BED-8A32-59DEF920335A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{09E79B72-08FF-4913-885F-639105320E43}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | 
"{0FADFCAE-7A0C-4BCC-B0FE-5E18152A6B44}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{1680D63B-07D6-4F25-A340-449681A23D12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{1A36B73D-2986-49CE-8DDE-EB263103856A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{1E066D5D-DA62-462C-B710-320764406034}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{1EBCA0DD-BAF1-4DEC-9987-BCB994C39051}" = protocol=6 | dir=in | app=c:\dragon age\daoriginslauncher.exe | 
"{20D42473-B6F8-4890-8C0D-1265A4A6D746}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{24DA52CB-20DC-4872-88CE-A70A41E54883}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{25A2D7E8-5030-4E56-B46C-5FB180A6D430}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{29C61B44-0F92-48D1-899B-830EA6020E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2BDED0D1-EBC2-4FB7-B63A-D918575E9D69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{2C34BDFF-9C8F-421F-9D70-11F52E727A38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{2E2E38E6-0503-448F-9626-360CBBFAA46D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{31321D17-93EB-49C3-B148-3E4D7BCC857A}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{351E8D68-0BD1-454D-8505-1F303D74BE45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{35A3D5DF-405B-487F-93D2-C3C1DBAFC4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{3BCD4BEE-D4D7-4648-AB69-0DB3651FF166}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | 
"{4BB1AE14-1D84-427D-A937-0FC8678EEE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{4C85BDD2-0D82-41F8-9305-A433A96896A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{541EBEC0-7EF1-47F2-8368-9E57A9664E04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{566C9EF0-FC8D-45CF-9512-46F6F4BC24F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5975A1D8-D1B3-4FB8-BB23-B790A48C1A02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6787D9C8-8B05-4C03-94BA-90C2EF1AF564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{6B3ABD99-5823-4D03-8FE6-90D7EBD59497}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{747E2F9E-DFC4-4713-9EC1-E9D27AEAE66D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{7C2E5ED5-10CF-4D26-8932-919FB9DEADA0}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | 
"{7CD53D4D-E043-4BE7-AD9C-84D1D26F7165}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{7F16A3D2-2126-4A2A-8D75-44A3691EDB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{80F546B4-0A9C-4129-A5B9-B87B2BA73997}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{8A9F476D-53ED-427F-9AAA-A9A2470AB342}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{8E70EE16-6945-474E-BECE-D624268EE510}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{90FB8D19-9B31-4BB3-B511-67FFF8DC98AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{92AF711C-CCA8-45F8-887A-C083A6B256DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{9C715D5C-D04C-4D59-B274-88E538BB1112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{9F3B501C-5018-4A36-9B3F-60C19F6B0551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1A35A1B-2DFE-4677-8BDE-176498E3CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{A24300E5-F2B2-4520-8003-AB4989926DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A5A50408-D708-4DFA-A69A-085C60D11860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ADB92EC1-3DFF-4265-BBBC-744EA4E67D44}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{B3DD45FD-49CB-492B-9B7A-AF8A5DE8F3C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{BDEE0490-78EF-426B-9DCF-98CC87C988BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C1E53C6C-6C8A-443C-9E59-1A303913D10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C23F5C61-E714-4E86-987E-C1C3C0B47572}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{C528B8CC-2716-4191-94EE-328CD78B8969}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{C57DD692-31BF-4FE8-BAF0-470EE31CC575}" = protocol=17 | dir=in | app=c:\dragon age\daoriginslauncher.exe | 
"{C5FBFD34-4A62-45A9-A3E3-2B12C1F64491}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C699DD47-34A4-46E5-8E8C-139335AA449C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{C9FB4CB7-62B4-406A-BBFE-5BF04DB8694C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{CBC335B8-DFEA-4F73-B01A-6D9C258C9B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CBFA15B1-4526-487C-9E7A-97164ED4E920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{CED8196E-C321-4109-8AC0-F4091C4F84FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{D41DE1CF-E958-4838-8BEC-83738F6E1205}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D764A164-761E-4B99-9C27-8C3F7EABD167}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D76BC965-6156-4D41-A760-613E3159B546}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DB193F07-BEC1-4FE0-8BE8-8D7B9C639E72}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{DB1D4A78-596E-40FA-9653-F6BD5C91B85D}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DB2219D0-C483-487C-A56A-776EB735D072}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{DFDD853A-4F4E-466E-9F3F-000F2E614EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{E1B0B810-C1B6-41B5-8374-3C7A201E0CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | 
"{E1DF79F8-6374-4758-9707-7C138BC0F484}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E4C465C6-4124-400F-BA8B-9C4C16E4D6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{E581981C-05E2-4CC1-B670-D26DC6E95C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E608582A-34AB-425F-9640-6E08315FF407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E66E66CC-024B-44FB-A069-EE71265C44A8}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{E910728F-F2D6-4877-8D55-17159716557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F2149C7F-2987-4A0B-A56C-1619EDCC3DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{F79FC874-B686-4715-8B7A-09E621028FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{35FBBE37-D205-B85B-A072-F306AF0DA6AB}" = ccc-utility64
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMBus" = Intel(R) SMBus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01F7C7DB-3112-5099-C9E7-DD287AE5CD34}" = CCC Help Greek
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A957041-A0D3-8227-0B1C-34A0B9B4BCE9}" = Catalyst Control Center Graphics Full New
"{0EC66655-20A4-DC5F-3145-B60C54F1BEDC}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1633A40C-B60C-54A8-79EC-1D83F24F3102}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D824414-EEA0-8288-A694-ADB2C96C2420}" = Catalyst Control Center Graphics Light
"{1E897CA6-5DA8-449D-5F0F-64473BCF7A92}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30204391-70DE-706C-1907-50E0CEEEE763}" = CCC Help Spanish
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34E1B3D3-D636-3D6A-8089-CD055365A84D}" = CCC Help Danish
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{481BD864-726E-2B54-1F55-26623C47B9F4}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy
"{61CF87C1-172B-3594-0504-69AEB723C61B}" = Catalyst Control Center Graphics Full Existing
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62AE603D-5599-C19C-1FD6-457B803E86A3}" = Skins
"{62EA3947-00F0-CD3C-B4F1-409D03353E8C}" = CCC Help Norwegian
"{66896432-C843-3937-AFC5-9A753F2ACE55}" = Catalyst Control Center Core Implementation
"{6B388EFD-35DF-AB18-37B6-498784F38C92}" = CCC Help Hungarian
"{6DB66382-0C4E-FEA5-F6B9-037714E7D695}" = CCC Help Chinese Traditional
"{72198521-36AE-472E-EDC1-36E9E66EF706}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74cc0977-aec9-4d27-8883-888baff04160}" = Nero 9 Essentials
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{818395BC-8C56-9DBB-06DB-7A5C4FAA1EAA}" = CCC Help Polish
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8402C81C-7202-B07E-E556-5DCF9C91A37A}" = CCC Help Italian
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8C87ECBD-9B68-ABA9-9EB0-2545C2746C3B}" = CCC Help Turkish
"{91A9CEFA-1506-B9BA-1663-1205B55BC51C}" = CCC Help French
"{91EE7DC4-F14A-4A98-B6A9-D2851D9EA213}" = CCC Help English
"{9685F3F9-5581-07A7-90B7-CFF046694FCA}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933D9C3-56EF-68F4-BECA-05BE7337918F}" = CCC Help German
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BCBDC685-EF9F-FE17-A5B7-FAD72A41997B}" = CCC Help Japanese
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C20FF6AA-1CE7-ABC5-6B74-2D644731E3D2}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D4E45F96-61E5-0C00-8972-228B9BFFB091}" = Catalyst Control Center Graphics Previews Vista
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E26B007E-4F63-6F24-D440-2A509A89C00E}" = Catalyst Control Center Graphics Previews Common
"{E4EE40C4-29E4-D860-78C0-72B9B29C4184}" = CCC Help Czech
"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC79D1A6-1D7D-B7A3-B113-1591E6CA78DF}" = CCC Help Korean
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F12614C4-BF95-57EC-BFB3-04F934A8ED8A}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA5D0718-40E2-7FEE-BB9B-028162A7B2FC}" = CCC Help Chinese Standard
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Diablo III" = Diablo III
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Drakensang_is1" = Drakensang
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Two Worlds II" = Two Worlds II
"WFTK" = Canon Utilities WFT Utility
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.02.2013 08:14:43 | Computer Name = Hugomatic-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 77c    Startzeit: 01ce052c944ed2d1    Endzeit: 8    Anwendungspfad: C:\Program
 Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 07.02.2013 10:18:44 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-07,
 15:18:44.0301108 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 08.02.2013 02:57:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-08,
 07:57:50.1221000 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 11.02.2013 03:24:37 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-11,
 08:24:37.8419108 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 11.02.2013 10:13:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-11,
 15:13:50.1033078 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 12.02.2013 03:14:04 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-12,
 08:14:04.0538929 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 12.02.2013 07:01:46 | Computer Name = Hugomatic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Wow-64.exe, Version: 5.1.0.16357,
 Zeitstempel: 0x50bd644f  Name des fehlerhaften Moduls: Wow-64.exe, Version: 5.1.0.16357,
 Zeitstempel: 0x50bd644f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000004d6e93
ID
 des fehlerhaften Prozesses: 0x3ec  Startzeit der fehlerhaften Anwendung: 0x01ce08f65f038f32
Pfad
 der fehlerhaften Anwendung: C:\Users\Public\Games\World of Warcraft\Wow-64.exe  Pfad
 des fehlerhaften Moduls: C:\Users\Public\Games\World of Warcraft\Wow-64.exe  Berichtskennung:
 9720347a-7503-11e2-825b-9444526e6ad1
 
Error - 12.02.2013 11:51:55 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-12,
 16:51:55.1197035 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 03:04:05 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 08:04:05.0924871 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 03:39:29 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 08:39:29.0157028 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
[ System Events ]
Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Alienware Fusion Service erreicht.
 
Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Alienware Fusion Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
Gmer-Log:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 11:58:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\HUGOMA~1\AppData\Local\Temp\fwriruog.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                     0000000075e01401 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                       0000000075e01419 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                     0000000075e01431 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                     0000000075e0144a 2 bytes [E0, 75]
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                        0000000075e014dd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                 0000000075e014f5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                        0000000075e0150d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                 0000000075e01525 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                       0000000075e0153d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                            0000000075e01555 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                     0000000075e0156d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                       0000000075e01585 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                          0000000075e0159d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                       0000000075e015b5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                     0000000075e015cd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                 0000000075e016b2 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                 0000000075e016bd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000075e01401 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000075e01419 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000075e01431 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              0000000075e0144a 2 bytes [E0, 75]
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 0000000075e014dd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          0000000075e014f5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 0000000075e0150d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000075e01525 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                0000000075e0153d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000075e01555 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              0000000075e0156d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000075e01585 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   0000000075e0159d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                0000000075e015b5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              0000000075e015cd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          0000000075e016b2 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          0000000075e016bd 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                           00000000725617fa 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                       0000000072561860 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                     0000000072561942 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                    000000007256194d 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075e01401 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075e01419 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075e01431 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075e0144a 2 bytes [E0, 75]
.text  ...                                                                                                                                        * 9
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000075e014dd 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075e014f5 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000075e0150d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075e01525 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075e0153d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075e01555 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075e0156d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075e01585 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000075e0159d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075e015b5 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075e015cd 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075e016b2 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075e016bd 2 bytes [E0, 75]

---- EOF - GMER 2.0 ----
         
adwCleaner:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 13/02/2013 um 08:35:25 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hugomatic - HUGOMATIC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hugomatic\Downloads\adwcleaner0.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\APN
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Hugomatic\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5805 octets] - [13/02/2013 08:35:25]

########## EOF - C:\AdwCleaner[R1].txt - [5865 octets] ##########
         

Vielleicht kann mir jemand noch Tipps geben, ob ich noch etwas überprüfen sollte.

Bis dahin
Viele Grüße

 

Themen zu Java/Treams.JO in Quarantäne, PC wieder sicher?
antivir, appdatalow, aswmbr, autorun, avira, bho, browser, canon, desktop, error, februar 2013, firefox, flash player, frage, google, helper, homepage, iexplore.exe, install.exe, internet, internet browser, logfile, neu aufsetzen, object, plug-in, programm, realtek, registrierungsdatenbank, registry, rundll, security, software, virus, windows




Ähnliche Themen: Java/Treams.JO in Quarantäne, PC wieder sicher?


  1. db29.exe. kommt immer wieder trotz virenscan und quarantäne
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (16)
  2. Java - Kann man Java sicher installieren ?
    Diskussionsforum - 30.01.2015 (13)
  3. TR Trash Gen wir jede Stunde gefunden und in Quarantäne verschoben. Erscheint immer wieder
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (5)
  4. 'TR/Sisproc.A.2763' [trojan] gefunden. Angeblich in Quarantäne, kommt dennoch wieder
    Plagegeister aller Art und deren Bekämpfung - 06.12.2013 (15)
  5. AVIRA hat den Trojaner TR/Matsnu.G in Quarantäne verschoben, reicht das aus? Ist das System wieder sicher?
    Log-Analyse und Auswertung - 13.11.2013 (5)
  6. Nach GVU Trojaner wieder sicher?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2013 (18)
  7. Viren/Trojanerfund Trojan.0Access und JAVA/Treams.IX & Consorten
    Plagegeister aller Art und deren Bekämpfung - 08.01.2013 (12)
  8. tr/crypt.zpack.gen2 in Quarantäne, ist mein System nun wieder sicher? Oder muss ich weitere Schritte befolgen?
    Plagegeister aller Art und deren Bekämpfung - 17.12.2012 (17)
  9. Fund Java/Dldr.Treams.CX durch AntiVir
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (11)
  10. (crossposting) java/dldr.treams.cq
    Mülltonne - 11.08.2012 (1)
  11. Diverse Trojaner in Quarantäne bei antivir welche daten sind sicher? Analyse vom infiziertem PC?
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (9)
  12. User\*****\AppData\Roaming\appconf32 in Quarantäne, ist mein System wieder sicher?
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (1)
  13. JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (19)
  14. VLC ist wieder sicher
    Nachrichten - 13.04.2011 (0)
  15. AntiVir findet 2 Viren: JAVA/OpenConnect.AI und schiebt sie in Quarantäne. Hab ich nun ein problem?
    Log-Analyse und Auswertung - 22.03.2011 (1)
  16. JAVA/Dldr.Agent.D durch Antivir gefunden, in Quarantäne verschoben. Und nun?
    Antiviren-, Firewall- und andere Schutzprogramme - 18.08.2010 (10)
  17. System wieder sicher?
    Mülltonne - 15.06.2008 (0)

Zum Thema Java/Treams.JO in Quarantäne, PC wieder sicher? - Hallo zusammen, Ich habe gestern bei einem Routinescan von Avira Internet Security 2012 in meinem Temp Ordner den Virus Java/Treams.JO entdeckt und in Quarantäne gesetzt. Da ich nicht weiss was - Java/Treams.JO in Quarantäne, PC wieder sicher?...
Archiv
Du betrachtest: Java/Treams.JO in Quarantäne, PC wieder sicher? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.