
All Kinds of Pests and How to Fight Them: bProtector detected


17.05.2013, 10:09   #1
AndiGrüni
 
Hello
I have Win7, and today my virus scanner detected bProtector on my PC.
I have also already downloaded OTL (I read about it in this forum) and am currently scanning my PC, but what should I do next?
I hope you can help me.
I also don't understand how one can get malware like this when I have three virus scanners running.
Andi

OTL Logfile:
Code:
OTL logfile created on: 17.05.2013 11:02:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
7,99 Gb Paging File | 5,35 Gb Available in Paging File | 66,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 87,66 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 48,29 Gb Free Space | 96,59% Space Free | Partition Type: NTFS
Drive E: | 9,39 Gb Total Space | 9,31 Gb Free Space | 99,08% Space Free | Partition Type: NTFS
Drive F: | 72,11 Gb Total Space | 70,01 Gb Free Space | 97,09% Space Free | Partition Type: NTFS
Drive G: | 400,00 Gb Total Space | 304,02 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive H: | 250,00 Gb Total Space | 72,52 Gb Free Space | 29,01% Space Free | Partition Type: NTFS
Drive I: | 2,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 503,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 931,39 Gb Total Space | 807,49 Gb Free Space | 86,70% Space Free | Partition Type: FAT32
Drive L: | 596,17 Gb Total Space | 501,95 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive M: | 931,50 Gb Total Space | 453,18 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 144,61 Gb Free Space | 15,52% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\recvrsvc.exe (NETGEAR, Inc.)
PRC - C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe (NETGEAR, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7a89b81a9a5c4a57d2b1b152beb9b481\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\69236ea8029652460eff6fc27bfc742c\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4ad81d13ef6282ca68c7298e3e9128e9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c206c0d5425bc25640b647ac986fc236\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\45c1597cf0c989dbbfdc5e3cb067306f\WindowsBase.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7ade41f2c08fe2654323fddba67eee1d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f62409df88e3dde635df0808c7177097\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9471a54aa2b06e04f33b3e5dc9dc412a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll ()
MOD - C:\Users\Andi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (recvrsvc.exe) -- C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\recvrsvc.exe (NETGEAR, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=578E300EDD63F437B71AC1506281ACDE&q={searchTerms}
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={59874FDD-B2DB-433F-B22E-5358450AE351}&mid=a5f8971e0f2d47398922987989ebdd46-c8e29afefb912fb8a78a11c7131d4dc6feda4c5f&lang=de&ds=wa011&pr=&d=2012-11-19 14:16:25&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\..\SearchScopes\{A15FD06A-B847-4D06-9D29-96E569255B9E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=072d9e94-b0aa-48a5-827e-562126a618a9&apn_sauid=77E366A6-2F0C-4D5C-B938-371F5C5190F8
IE - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/ig"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=578E300EDD63F437B71AC1506281ACDE&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 21:07:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\df1wgprv.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:36:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.25 22:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2013.05.14 20:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\df1wgprv.default\extensions
[2013.02.04 13:26:22 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\df1wgprv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.05.14 20:29:49 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\df1wgprv.default\extensions\ffxtlbr@delta.com
[2012.09.26 06:16:48 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\df1wgprv.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.11.03 14:54:42 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\df1wgprv.default\extensions\toolbar@ask.com
[2012.12.20 22:19:09 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\df1wgprv.default\extensions\extension@preispilot.com.xpi
[2013.05.10 12:34:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\df1wgprv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.17 21:56:32 | 000,002,706 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\df1wgprv.default\searchplugins\askcom.xml
[2013.05.14 20:29:41 | 000,006,505 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\df1wgprv.default\searchplugins\babylon.xml
[2013.05.14 20:29:50 | 000,001,294 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\mozilla\firefox\profiles\df1wgprv.default\searchplugins\delta.xml
[2013.04.11 21:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.18 21:07:46 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2013.04.11 21:36:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.26 06:16:47 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2013.01.11 11:49:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.18 21:07:47 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013.01.11 11:49:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.11 11:49:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.11 11:49:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.11 11:49:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.11 11:49:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-2935030211-3573781357-1883900875-1001..\Run: [NETGEARDigitalEntertainer] C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe (NETGEAR, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 195.202.138.3 195.202.128.3 62.40.128.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B1349A-7504-4746-92BE-6962D23E4EEF}: DhcpNameServer = 192.168.2.1 195.202.138.3 195.202.128.3 62.40.128.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E65EDAEC-7622-4E75-B274-7D915CCA79CE}: DhcpNameServer = 192.168.2.1 195.202.138.3 195.202.128.3 62.40.128.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54579e23-17c0-11e2-88b0-944452eeaa03}\Shell - "" = AutoRun
O33 - MountPoints2\{54579e23-17c0-11e2-88b0-944452eeaa03}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitions)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 10:59:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2013.05.17 08:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.17 08:04:39 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.05.17 08:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.05.17 08:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.17 06:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013.05.17 06:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.05.17 06:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.17 06:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.17 06:21:25 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.17 06:21:24 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.17 06:21:24 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.17 06:21:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.17 06:21:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.17 06:21:15 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.17 06:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.15 22:09:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.15 22:09:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.15 22:09:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 22:09:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 22:09:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.15 22:09:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.15 22:09:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.15 22:09:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.15 22:09:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 22:09:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.15 22:09:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.15 22:09:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 22:09:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:09:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 22:09:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.15 09:27:18 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 09:27:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 09:27:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 09:27:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 09:27:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 09:27:09 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 09:27:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 20:29:57 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.14 20:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.14 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.05.14 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Delta
[2013.05.14 20:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.14 20:29:27 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Babylon
[2013.05.14 20:28:52 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\OpenCandy
[2013.05.14 20:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.05.14 20:27:58 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\DVDVideoSoft
[2013.05.14 20:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.05.14 20:27:08 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\DVDVideoSoft
[2013.05.14 20:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.05.07 15:43:58 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2012.10.24 16:14:47 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2012.10.24 16:14:47 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2012.10.24 16:14:47 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 11:08:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 11:00:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2013.05.17 10:52:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 06:21:00 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.17 06:20:55 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.17 06:20:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.17 06:20:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.17 06:20:48 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.17 06:20:48 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.16 19:43:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 09:00:27 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 09:00:27 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 08:52:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 08:51:10 | 3219,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 22:36:04 | 000,417,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 22:13:08 | 001,815,296 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 22:13:08 | 000,768,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 22:13:08 | 000,711,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 22:13:08 | 000,173,266 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 22:13:08 | 000,141,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 10:08:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 10:08:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 22:26:46 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.05.14 20:29:08 | 000,001,311 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk
[2013.05.14 20:29:06 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Free Video to DVD Converter.lnk
[2013.05.07 21:22:44 | 000,001,602 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\MyMicroBalanceConfig.ini
[2013.05.07 15:43:46 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.18 21:14:54 | 000,001,861 | ---- | M] () -- C:\Users\Andi\Desktop\UseNeXT by Tangysoft.lnk
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.14 20:29:08 | 000,001,311 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk
[2013.05.14 20:29:06 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Free Video to DVD Converter.lnk
[2013.04.18 21:14:54 | 000,001,861 | ---- | C] () -- C:\Users\Andi\Desktop\UseNeXT by Tangysoft.lnk
[2013.03.31 17:21:44 | 000,000,080 | RHS- | C] () -- C:\Windows\FFSSET.BIN
[2013.02.28 16:07:54 | 000,001,602 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\MyMicroBalanceConfig.ini
[2013.01.09 22:05:32 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012.12.17 21:58:25 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.12.17 21:56:29 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.11.19 15:25:07 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\scronxdrv.dll
[2012.11.19 15:24:58 | 000,000,042 | ---- | C] () -- C:\ProgramData\Rgshf.dll
[2012.11.19 15:24:58 | 000,000,042 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\dtsxadl.drv
[2012.10.24 16:14:47 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2012.10.24 16:14:47 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2012.10.24 16:14:47 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2012.10.11 21:35:03 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.10.11 21:34:04 | 000,116,016 | ---- | C] () -- C:\Windows\Wiainst.exe
[2012.10.11 20:48:04 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.10.01 20:43:57 | 000,010,240 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.01 20:43:30 | 000,002,880 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.10.01 20:43:30 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ADB8F6B95A.sys
[2012.09.27 07:02:21 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.09.26 00:07:18 | 001,771,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.25 21:42:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.26 09:06:40 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ad-Aware Antivirus
[2013.05.13 10:56:08 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Aquamarin Haushaltsbuch
[2013.05.14 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Babylon
[2013.04.12 14:27:58 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\BayOrganizer
[2012.11.19 15:19:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Blumentals
[2012.11.19 16:07:35 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\CoffeeCup Software
[2013.05.14 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Delta
[2012.12.17 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DesktopIconForAmazon
[2013.05.16 08:53:10 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Dropbox
[2013.05.14 20:33:24 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DVDVideoSoft
[2012.09.26 12:13:07 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\InfraRecorder
[2012.11.19 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\KompoZer
[2012.11.19 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\kompozer.net
[2012.10.21 15:21:14 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\NETGEAR
[2012.11.16 23:42:42 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Nvu
[2012.12.17 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OCS
[2013.05.14 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OpenCandy
[2012.12.17 21:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Opera
[2013.03.09 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PhotoScape
[2012.10.07 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Samsung
[2013.03.31 17:18:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ulead Systems
[2013.05.14 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\UseNeXT
[2012.11.19 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Virtual Mechanics
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:3E6508A3B9E55EC7
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:3241321C

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.05.2013 11:02:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 42,92% Memory free
7,99 Gb Paging File | 5,35 Gb Available in Paging File | 66,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 87,66 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 48,29 Gb Free Space | 96,59% Space Free | Partition Type: NTFS
Drive E: | 9,39 Gb Total Space | 9,31 Gb Free Space | 99,08% Space Free | Partition Type: NTFS
Drive F: | 72,11 Gb Total Space | 70,01 Gb Free Space | 97,09% Space Free | Partition Type: NTFS
Drive G: | 400,00 Gb Total Space | 304,02 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive H: | 250,00 Gb Total Space | 72,52 Gb Free Space | 29,01% Space Free | Partition Type: NTFS
Drive I: | 2,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 503,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 931,39 Gb Total Space | 807,49 Gb Free Space | 86,70% Space Free | Partition Type: FAT32
Drive L: | 596,17 Gb Total Space | 501,95 Gb Free Space | 84,20% Space Free | Partition Type: NTFS
Drive M: | 931,50 Gb Total Space | 453,18 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 144,61 Gb Free Space | 15,52% Space Free | Partition Type: NTFS
 
Computer Name: ANDI-PC | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2935030211-3573781357-1883900875-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Mit Corel PaintShop Pro X5 durchsuchen] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"49152:UDP" = 49152:UDP:*:Enabled:UDP49152
"49153:UDP" = 49153:UDP:*:Enabled:UDP49153
"49154:UDP" = 49154:UDP:*:Enabled:UDP49154
"49155:UDP" = 49155:UDP:*:Enabled:UDP49155
"49156:TCP" = 49156:TCP:*:Enabled:TCP49156
"49158:TCP" = 49158:TCP:*:Enabled:TCP49158
"49159:TCP" = 49159:TCP:*:Enabled:TCP49159
"" = 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"" = 
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"49152:UDP" = 49152:UDP:*:Enabled:UDP49152
"49153:UDP" = 49153:UDP:*:Enabled:UDP49153
"49154:UDP" = 49154:UDP:*:Enabled:UDP49154
"49155:UDP" = 49155:UDP:*:Enabled:UDP49155
"49156:TCP" = 49156:TCP:*:Enabled:TCP49156
"49158:TCP" = 49158:TCP:*:Enabled:TCP49158
"49159:TCP" = 49159:TCP:*:Enabled:TCP49159
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"" = 
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- ()
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"" = 
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"" = 
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- ()
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\receiver.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\tagtool.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sjcmdwiz.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\sharefolder.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- (NETGEAR, Inc.)
"" = 
"C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe" = C:\Program Files (x86)\NETGEAR\NETGEAR Digital Entertainer für Windows\ffmpeg.exe:*:Enabled:NETGEAR Digital Entertainer für Windows -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094B6F0A-5353-47EC-91B0-3E861DFDEFA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0A56B2EF-ACF9-48ED-9048-7D748D965A72}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2AE88125-0309-404E-A031-8062C0E415ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3F7BBF44-EA38-460A-9D85-B754F692B725}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{4004BEDA-30ED-49E0-8654-A923E674E919}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{449530F3-32D6-4FE5-A243-B43B8D383686}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5C3BAA65-D675-45DC-8535-8107C22A17BB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{867EE579-AE61-4123-B880-74AE15D4216A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9D1B9B7E-18A8-41A2-AFA6-56DE42B16054}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADF5C281-9657-4EAB-A68C-5602C5090328}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B61E13BB-089F-4C4B-9E39-629B89A24D18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B92C17BA-4B70-4FB1-BED7-7B0BD39A2AEE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5064061-F790-4CEC-B281-01A88E03A1CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C6F3B807-753C-4884-BEA0-BCA1DC9FA42E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9BE194D-C10D-4E05-959D-4A1A7F9467A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CCB1961C-951A-4134-B12F-C2F9C409CF06}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CD1B5932-9CC1-495D-A85D-30637B7265E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{D7E562AE-2838-44D6-ADF7-5F14A7A28B78}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DBEB9779-1A6D-41DF-A186-03D8BE0FE919}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DDAF7667-A16A-40C9-BE2D-1F4BAC40BEB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E1E0B1FF-44AA-44AA-B2FB-E2726A228726}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB01ADA7-1D3A-40AD-977F-6736307264BE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ED8DBD94-BFD1-40FF-A20D-B246C18F54A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{FA51CD31-DD70-4411-8A03-E2AF5D811B30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ACE87B-5400-4F14-8271-378403658FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{01AF94BB-BE3C-4602-85DC-F0F9BCA1898C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{04B0E9D4-B556-4281-AAE4-D853FD026B67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{05734494-D526-4A1F-B3F2-7BF7E8B73883}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{0DEA0C72-16B7-48B1-A040-F76F11976891}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{108DD30D-CA80-40F7-A93B-736CAF619244}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{11F35FE7-3BAA-4199-989B-1895A2F177C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{169F7EA0-8F68-4E9F-8C66-7C68EECF726A}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{17B47F33-9F91-49BD-872D-403763992456}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{17D09616-C069-49DF-BB7F-051E00BED971}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{21600659-926B-4882-9961-CD8BE2DC9709}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{227C25CC-BF09-4019-ABD0-90958AE81DF7}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | 
"{2A27C3AB-62D1-4F7B-AFC9-BB3016EFC600}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{361BE1A1-3439-4BA4-B1B0-E4661C4121F4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{3BD295EB-FAC0-4C6F-B87B-0A5AF6F4AD9A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{42F38D5A-AB6C-4AF3-A753-B827FD43813A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{4C0C9EBD-6D48-4F51-9B02-2413B3D32C3E}" = protocol=6 | dir=out | app=system | 
"{5129AC59-DA46-4E1E-B8C8-C08DF82B7A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52FFB8E0-ABF7-46EC-9266-78ACD7710CBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{562A7EB5-7CDB-4C91-8EF3-7D429033BC31}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{57DF57B6-DDC7-402E-8642-013A61E4A977}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | 
"{6640B715-9A59-4B41-9CAA-55B21FB8A934}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{725E1633-B537-4771-BFE4-B775D500FC37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8521BD52-46FB-49FE-8ECA-411F123D79B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94831972-7385-4D5B-B6EA-295B60BAC696}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96AB1A1B-11B7-4B10-9E58-F862A955F53F}" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{98AD4ED9-B984-483C-916C-1DDF40F94670}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CD87FFE-7209-4018-9ED3-74F6BF76C75F}" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A04D8922-F913-4E82-A4CC-4FEA26C07622}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{A33EDB69-FC2E-42B4-97B8-E267D075D283}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{A86C51E7-C3E2-4324-94F1-50DCE2E6986D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{B1E384FD-63B4-4E4A-A310-6B05644D7C2A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{C03AFAD6-E828-46A0-85C3-3892F344C79F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D24FB4AB-6298-4B67-A8D9-45B042048EC4}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{D345B525-304A-47AA-BFE0-474CFCB79AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D44780C2-0B51-494F-9C0E-6052178306C8}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{D725A34A-B1FF-410B-B6E3-9E7E4E856887}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{D8C2404A-3264-473E-A399-250244C822D4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{E2C73CE8-77E3-442E-BC6A-90D154A08430}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{E548C330-F4BF-404E-9B72-585E3D527FEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E558EA51-22F9-4F2A-9BC0-CC15B56801C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBA50D55-0291-4733-8D3F-C5BB1D742DBB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC20AD2F-DC6E-4344-9B12-D7CC1527C49A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED2DD0F1-57F5-4775-A03E-8535FB03F7B8}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | 
"{FA53A580-9E74-4FC4-8BF6-B0C16F0C8205}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | 
"TCP Query User{01FFA783-A707-4D70-AB49-FC816D904975}C:\program files (x86)\netgear\netgear digital entertainer für windows\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear\netgear digital entertainer für windows\launcher.exe | 
"TCP Query User{72A63BA7-3AAA-4FFC-8D73-AEDCADC99066}C:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe | 
"TCP Query User{94113260-CEB5-401C-83A6-78C46676EBB8}C:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{D9CD0DA5-E0DF-48FB-801E-A91C6426FB36}C:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe | 
"UDP Query User{032D1AA6-F167-4F7E-8D3B-A0F97DCDD99F}C:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe | 
"UDP Query User{28FDC42E-A066-42D7-AA7C-53DFB213F81B}C:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear\netgear digital entertainer für windows\receiver.exe | 
"UDP Query User{587A1094-AA31-4A74-97A8-B47AEE3FB2FE}C:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8C073C24-06B8-4DA4-BC21-DE31C4003C15}C:\program files (x86)\netgear\netgear digital entertainer für windows\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear\netgear digital entertainer für windows\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1551A29F-B1B0-43CA-90B5-E6E5186F683E}" = PSPPro64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{44D68614-4CE3-E73C-C37B-EB86D440C6B0}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B88F5E68-B0FB-950F-EC6F-82FB18DF3E5D}" = ATI Catalyst Install Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}" = Ultimate Creative Collection (X5)
"_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}" = Nik Color Efex Pro 3.0
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{15DE85E4-17E4-A68B-CECE-CE93AD9EF037}" = CCC Help Greek
"{1AE1CCB0-DF19-44DF-B8C8-8E259F63B028}" = MyMicroBalance
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Aquamarin Haushaltsbuch 2.9.2 b
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F55CD48-E84D-AC4D-8A97-70073943AEBC}" = CCC Help Hungarian
"{1FCAD262-FF72-3B35-3B96-7970FA1E71B8}" = Catalyst Control Center Core Implementation
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{28971D68-1781-FF8F-A29A-C30D9D474F86}" = CCC Help German
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30E230F7-000C-5FF7-B8D5-743952FC8036}" = CCC Help Portuguese
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC1A849-80D4-8463-F579-D025A47172FB}" = CCC Help Polish
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{592B6EFD-B341-4802-B3B4-A808AF6CC805}" = AKVIS NatureArt
"{63E154E2-A2F9-4126-A8EB-72C139911AFF}" = NETGEAR Digital Entertainer für Windows
"{6B9815F1-E0B1-01D7-D0D3-7AAADDD2FE87}" = Catalyst Control Center Graphics Light
"{6D32C637-6149-CED1-A9F6-330607532674}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7308D4D7-25E4-EC49-1D07-27AE51F50126}" = CCC Help Italian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{81EFDD8D-CE79-7C0E-EA26-8E8968B29506}" = CCC Help English
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F769654-32F6-3A18-8E7E-35A31446EE47}" = Catalyst Control Center HydraVision Full
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB91D67A-6CE4-8E06-B3A2-BC1B5F812670}" = CCC Help French
"{ABAD283C-0F52-C7EE-4287-9350CA233862}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}" = Ultimate Creative Collection (X5)
"{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin F7D1102 Surf Wireless Micro USB Adapter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}" = Nik Color Efex Pro 3.0
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C58979C6-C75E-D003-1DA4-83267880FA4C}" = Catalyst Control Center Graphics Previews Vista
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E645C441-5D08-5AA2-C841-7F245C65BE9F}" = Catalyst Control Center Localization All
"{E6DED140-000F-177B-F917-8C65BDB7BE6E}" = ccc-core-static
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EB484E7E-B9A3-FC7A-6739-BDFA6F349884}" = Catalyst Control Center Graphics Full Existing
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2
"{FF5A6B87-F8AF-C1D0-3D6D-1BF055210508}" = CCC Help Spanish
"7-Zip" = 7-Zip 9.20
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"BayOrganizer_is1" = BayOrganizer - Deinstallation
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"delta" = Delta toolbar  
"ESET Online Scanner" = ESET Online Scanner v3
"etope Lister_is1" = 1.36
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.24.430
"InfraRecorder" = InfraRecorder
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nature Effects_is1" = Nature Effects
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Security Task Manager" = Security Task Manager 1.8g
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VLC media player" = VLC media player 0.9.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2935030211-3573781357-1883900875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2013 14:37:37 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "L:\Downloads\SoftonicDownloader_fuer_hamster-free-video-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 14.05.2013 14:37:38 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "L:\Downloads\SoftonicDownloader_fuer_koyote-free-video-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 15.05.2013 05:52:48 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 16.05.2013 14:41:19 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 17.05.2013 00:20:19 | Computer Name = Andi-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 BrowserProtect since QueryServiceConfig API failed  System Error: Das System kann 
die angegebene Datei nicht finden.  .
 
Error - 17.05.2013 01:32:33 | Computer Name = Andi-PC | Source = Application Hang | ID = 1002
Description = Programm health_check_gui.exe, Version 2.2.2374.0 kann nicht mehr 
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f3c    Startzeit: 01ce52b653b6f6d4    Endzeit: 7    Anwendungspfad: C:\Users\Andi\AppData\Local\Temp\68ce7872-0123-4299-aa86-a4707ea6d362\health_check_gui.exe

Berichts-ID:
 284360d5-beb3-11e2-847f-40618601deb7  
 
Error - 17.05.2013 02:06:17 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.05.2013 02:06:32 | Computer Name = Andi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.05.2013 02:56:39 | Computer Name = Andi-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  H:\Nina\4. Monat\Therme Lutzmannsburg\CIMG4447.JPG.   [ACCESS_VIOLATION Exception!!
 EIP = 0x74937f32]   Bitte Avira informieren und die obige Datei übersenden!
 
Error - 17.05.2013 02:57:45 | Computer Name = Andi-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  H:\Nina\6. Monat\CIMG6269.JPG.   [ACCESS_VIOLATION Exception!! EIP = 0x74937f32]

 Bitte Avira informieren und die obige Datei übersenden!
 
[ System Events ]
Error - 05.04.2013 02:43:24 | Computer Name = Andi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 05.04.2013 02:43:24 | Computer Name = Andi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.04.2013 02:43:26 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 05.04.2013 14:00:54 | Computer Name = Andi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 06.04.2013 06:39:48 | Computer Name = Andi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 07.04.2013 08:27:18 | Computer Name = Andi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.04.2013 03:03:25 | Computer Name = Andi-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.04.2013 03:03:25 | Computer Name = Andi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 08.04.2013 03:03:27 | Computer Name = Andi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:47:34 | Computer Name = Andi-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---

17.05.2013, 11:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: did they ever find anything?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (this usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.