
Log analysis and evaluation: Win7 GVU/BKA Trojan / webcam image / safe mode does not work /

16.07.2013, 23:38   #1
TobiB

Dear Trojaner-Board team,

A while ago I caught a GVU/BKA Trojan.
I use a laptop with Win7 64-bit and Ubuntu on another partition.
Before I came across this forum, I tried to replace the registry with the registry backup from Ubuntu so that I could access my system again. That did not help.
From Ubuntu I downloaded FRST64 to the USB drive (since I have no other computer available) and have already run a scan.

Now I hope that one of you can help me.
Many thanks in advance.

Here is the log file from FRST64:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03
Ran by SYSTEM on 16-07-2013 22:27:53
Running from G:\
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1912832 2012-10-04] (Dominik Reichl)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKU\Tobias\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Tobias\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-05-23] (Samsung)
HKU\Tobias\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [578560 2013-05-22] (Samsung Electronics)
HKU\Tobias\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\Tobias\...\Policies\system: [DisableTaskMgr] 1
HKU\Tobias\...\Winlogon: [Shell] explorer.exe,C:\Users\Tobias\AppData\Roaming\skype.dat [59392 2011-11-17] () <==== ATTENTION 

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 MSSQL$COCHLEAR; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S2 TwDrvService; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe [183296 2010-09-08] (3M Touch Systems, Inc.)
S2 TwRegSvc; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe [44544 2009-11-12] (3M Touch Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 TwBus; C:\Windows\System32\DRIVERS\TwBus.sys [18856 2010-03-01] (3M)
S3 TwTouch; C:\Windows\System32\DRIVERS\TwTouch.sys [112640 2011-05-05] (3M)
S3 fireface; system32\drivers\fireface_64.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 20:44 - 2013-07-16 20:44 - 00000000 ____D C:\FRST
2013-07-04 17:43 - 2013-07-04 17:43 - 00000000 ____D C:\.Trash-1000
2013-07-04 15:39 - 2013-07-04 15:39 - 01048576 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.2.regtrans-ms.back
2013-07-04 15:39 - 2013-07-04 15:39 - 01048576 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.1.regtrans-ms.back
2013-07-04 15:39 - 2013-07-04 15:39 - 01048576 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.0.regtrans-ms.back
2013-07-04 15:39 - 2013-07-04 15:39 - 00065536 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.blf.back
2013-07-04 15:22 - 2013-07-04 20:14 - 00000004 _____ C:\Users\Tobias\AppData\Roaming\skype.ini
2013-07-03 20:13 - 2013-07-04 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-29 23:19 - 2013-06-29 23:19 - 21561344 _____ C:\Users\Tobias\Desktop\BigBeat.wav
2013-06-27 16:59 - 2013-06-27 16:59 - 00000000 ____D C:\Users\Tobias\AppData\Local\{CCCD344E-EABD-41EF-94B7-C42B34223EB8}
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\Tobias\AppData\Local\{E5CC9112-DBD4-4331-A3CF-95058D3209EB}
2013-06-25 18:56 - 2013-06-25 18:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 18:52 - 2013-06-25 18:52 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\AVS4YOU
2013-06-25 18:52 - 2013-06-25 18:52 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-25 18:51 - 2012-12-17 14:12 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-25 18:51 - 2012-12-17 14:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2013-06-25 18:50 - 2013-06-25 18:54 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-25 18:36 - 2013-06-25 18:56 - 00000000 ____D C:\Users\Tobias\Documents\SelfMV
2013-06-23 21:15 - 2013-06-28 02:04 - 00000000 ____D C:\Users\Tobias\Desktop\DSH
2013-06-22 00:53 - 2013-06-22 00:53 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-22 00:53 - 2013-06-22 00:53 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Tobias\Documents\samsung
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Samsung
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Tobias\AppData\Local\Samsung
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-22 00:51 - 2013-06-22 00:51 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-22 00:48 - 2013-05-22 19:43 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-06-22 00:48 - 2013-05-22 19:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-06-22 00:47 - 2013-06-22 00:51 - 00000000 ____D C:\ProgramData\Samsung
2013-06-22 00:47 - 2013-06-22 00:51 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-22 00:37 - 2013-06-22 00:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\Downloaded Installations
2013-06-22 00:23 - 2013-06-22 09:43 - 00000000 ____D C:\Program Files (x86)\No23 Recorder
2013-06-22 00:23 - 2013-06-22 00:23 - 00001061 _____ C:\Users\Public\Desktop\No23 Recorder.lnk
2013-06-22 00:23 - 2013-06-22 00:23 - 00000000 ____D C:\ProgramData\Caphyon

==================== One Month Modified Files and Folders =======

2013-07-16 20:49 - 2010-04-28 03:46 - 01711375 _____ C:\Windows\WindowsUpdate.log
2013-07-16 20:49 - 2009-07-14 05:45 - 00014976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 20:49 - 2009-07-14 05:45 - 00014976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 20:47 - 2009-07-14 18:58 - 00761260 _____ C:\Windows\System32\perfh007.dat
2013-07-16 20:47 - 2009-07-14 18:58 - 00173350 _____ C:\Windows\System32\perfc007.dat
2013-07-16 20:47 - 2009-07-14 06:13 - 01808512 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-16 20:44 - 2013-07-16 20:44 - 00000000 ____D C:\FRST
2013-07-16 20:42 - 2013-03-04 21:17 - 00128488 _____ C:\Users\Polina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-16 20:41 - 2013-03-04 21:17 - 00000000 ___RD C:\Users\Polina\Virtual Machines
2013-07-16 20:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 20:41 - 2009-07-14 05:51 - 00101219 _____ C:\Windows\setupact.log
2013-07-04 20:14 - 2013-07-04 15:22 - 00000004 _____ C:\Users\Tobias\AppData\Roaming\skype.ini
2013-07-04 17:43 - 2013-07-04 17:43 - 00000000 ____D C:\.Trash-1000
2013-07-04 16:01 - 2009-07-14 03:34 - 18874368 _____ C:\Windows\System32\config\SYSTEM.back
2013-07-04 16:01 - 2009-07-14 03:34 - 112197632 _____ C:\Windows\System32\config\SOFTWARE.back
2013-07-04 16:01 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\System32\config\DEFAULT.back
2013-07-04 16:01 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.back
2013-07-04 16:01 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\System32\config\SAM.back
2013-07-04 15:40 - 2012-07-30 11:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-07-04 15:40 - 2010-04-28 19:05 - 00000000 ___RD C:\Users\Tobias\Documents\My Dropbox
2013-07-04 15:40 - 2010-04-28 19:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Dropbox
2013-07-04 15:39 - 2013-07-04 15:39 - 01048576 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.2.regtrans-ms.back
2013-07-04 15:39 - 2013-07-04 15:39 - 01048576 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.1.regtrans-ms.back
2013-07-04 15:39 - 2013-07-04 15:39 - 01048576 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.0.regtrans-ms.back
2013-07-04 15:39 - 2013-07-04 15:39 - 00065536 ___SH C:\Windows\System32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.blf.back
2013-07-04 15:39 - 2009-07-14 03:34 - 51118080 _____ C:\Windows\System32\config\components.back
2013-07-04 15:05 - 2012-07-15 23:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 13:13 - 2013-07-03 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 13:13 - 2012-04-27 05:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 10:54 - 2012-10-15 16:50 - 00065536 ___SH C:\Windows\System32\config\components{72dadbf1-16df-11e2-9568-00269e9d20bb}.TM.blf.back
2013-07-03 18:06 - 2010-10-26 11:28 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CA5BF6D-E052-4ADB-A7C2-6ED8E8532722}
2013-06-29 23:19 - 2013-06-29 23:19 - 21561344 _____ C:\Users\Tobias\Desktop\BigBeat.wav
2013-06-28 02:04 - 2013-06-23 21:15 - 00000000 ____D C:\Users\Tobias\Desktop\DSH
2013-06-27 19:05 - 2013-06-12 20:27 - 00000000 ____D C:\Users\Tobias\Desktop\Diamentenindustry
2013-06-27 16:59 - 2013-06-27 16:59 - 00000000 ____D C:\Users\Tobias\AppData\Local\{CCCD344E-EABD-41EF-94B7-C42B34223EB8}
2013-06-27 08:57 - 2010-05-01 15:37 - 00000284 _____ C:\Windows\matlab.ini
2013-06-27 08:13 - 2010-05-01 15:37 - 00000000 ____D C:\Users\Tobias\Documents\MATLAB
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\Tobias\AppData\Local\{E5CC9112-DBD4-4331-A3CF-95058D3209EB}
2013-06-26 18:09 - 2010-04-29 10:34 - 00059294 _____ C:\Windows\PFRO.log
2013-06-26 18:09 - 2009-07-14 05:45 - 00460504 _____ C:\Windows\System32\FNTCACHE.DAT
2013-06-25 18:56 - 2013-06-25 18:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 18:56 - 2013-06-25 18:36 - 00000000 ____D C:\Users\Tobias\Documents\SelfMV
2013-06-25 18:54 - 2013-06-25 18:50 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-25 18:52 - 2013-06-25 18:52 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\AVS4YOU
2013-06-25 18:52 - 2013-06-25 18:52 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-25 18:52 - 2010-04-28 04:03 - 00128488 _____ C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 21:19 - 2013-02-08 14:47 - 00000000 ____D C:\Users\Tobias\Desktop\Polina
2013-06-22 09:43 - 2013-06-22 00:23 - 00000000 ____D C:\Program Files (x86)\No23 Recorder
2013-06-22 00:53 - 2013-06-22 00:53 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-22 00:53 - 2013-06-22 00:53 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Tobias\Documents\samsung
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Samsung
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Tobias\AppData\Local\Samsung
2013-06-22 00:53 - 2013-06-22 00:53 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-22 00:51 - 2013-06-22 00:51 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-22 00:51 - 2013-06-22 00:47 - 00000000 ____D C:\ProgramData\Samsung
2013-06-22 00:51 - 2013-06-22 00:47 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-22 00:48 - 2010-04-28 12:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-22 00:37 - 2013-06-22 00:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\Downloaded Installations
2013-06-22 00:23 - 2013-06-22 00:23 - 00001061 _____ C:\Users\Public\Desktop\No23 Recorder.lnk
2013-06-22 00:23 - 2013-06-22 00:23 - 00000000 ____D C:\ProgramData\Caphyon

Files to move or delete:
====================
C:\Users\Tobias\AppData\Roaming\skype.dat
C:\Users\Tobias\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-15 01:00:25
Restore point made on: 2013-06-18 20:27:46
Restore point made on: 2013-06-21 20:57:00
Restore point made on: 2013-06-22 00:23:31
Restore point made on: 2013-06-22 00:46:34
Restore point made on: 2013-06-24 23:05:00
Restore point made on: 2013-06-28 06:00:11
Restore point made on: 2013-07-01 21:06:44
Restore point made on: 2013-07-03 18:07:41
Restore point made on: 2013-07-16 20:43:43

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 4092.2 MB
Available physical RAM: 3427.54 MB
Total Pagefile: 4090.35 MB
Available Pagefile: 3418.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.93 GB) (Free:12.37 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (Kontakt) (Fixed) (Total:97.66 GB) (Free:26.29 GB) NTFS (Disk=0 Partition=3)
Drive g: (Kindle) (Removable) (Total:3.26 GB) (Free:2.94 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F1F61A28)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=93 GB) - (Type=05)

========================================================
Disk: 1 (Size: 3 GB) (Disk ID: 00000003)
Partition 1: (Not Active) - (Size=3 GB) - (Type=0B)


LastRegBack: 2013-07-03 13:28

==================== End Of Log ============================
         

17.07.2013, 02:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\Tobias\...\Policies\system: [DisableTaskMgr] 1
HKU\Tobias\...\Winlogon: [Shell] explorer.exe,C:\Users\Tobias\AppData\Roaming\skype.dat [59392 2011-11-17] () <==== ATTENTION
C:\Users\Tobias\AppData\Roaming\skype.dat
C:\Users\Tobias\AppData\Roaming\skype.ini
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________

__________________
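
Added example (not part of the original thread and not FRST's own code): a small Python triage over the registry lines of the FRST.txt posted in #1. It flags the two entries the fixlist above removes, a Winlogon Shell value that carries anything besides explorer.exe and DisableTaskMgr set to 1, and reads the "Files to move or delete" section. The sample lines are copied from that log; the rule names and function names are made up for this illustration.

```python
import re
from typing import NamedTuple

# Lines copied from the FRST.txt in post #1 (Registry section and
# "Files to move or delete"); nothing here is invented.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKU\Tobias\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Tobias\...\Policies\system: [DisableTaskMgr] 1
HKU\Tobias\...\Winlogon: [Shell] explorer.exe,C:\Users\Tobias\AppData\Roaming\skype.dat [59392 2011-11-17] () <==== ATTENTION

Files to move or delete:
====================
C:\Users\Tobias\AppData\Roaming\skype.dat
C:\Users\Tobias\AppData\Roaming\skype.ini
"""


class Finding(NamedTuple):
    rule: str    # hypothetical rule id, chosen for this example
    hive: str    # e.g. HKU\Tobias
    detail: str  # offending path or value


# FRST abbreviates registry entries as:  HIVE\...\Key: [ValueName] data
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[A-Za-z0-9-]+(?:\\[^\\]+)?)\\\.\.\.\\"
    r"(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?:- )?(?P<data>.*)$"
)
# Trailing "[size date] (company)" and "<==== ATTENTION" appended by FRST.
META_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*(?:<====.*)?$")


def triage(log_text: str) -> list[Finding]:
    """Flag the logon-shell and Task Manager policy entries seen in this thread."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        key, name = m["key"].lower(), m["name"].lower()
        data = META_RE.sub("", m["data"]).strip()
        if key.endswith("winlogon") and name == "shell":
            # The Shell value is a comma-separated list; every component is
            # started at logon. Anything besides explorer.exe deserves a look.
            # (Simplification: a path that itself contains a comma is split.)
            for part in (p.strip().strip('"') for p in data.split(",")):
                if part and part.lower() != "explorer.exe":
                    findings.append(Finding("winlogon-shell-extra", m["hive"], part))
        elif key.endswith(r"policies\system") and name == "disabletaskmgr" and data == "1":
            findings.append(Finding("taskmgr-disabled", m["hive"], "DisableTaskMgr=1"))
    return findings


def files_to_move(log_text: str) -> list[str]:
    """Paths FRST lists under 'Files to move or delete:'."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files to move or delete"):
            in_section = True
        elif in_section:
            if not line:
                break                      # blank line ends the section
            if not line.startswith("="):   # skip the ===== ruler
                paths.append(line)
    return paths


if __name__ == "__main__":
    listed = {p.lower() for p in files_to_move(SAMPLE_LOG)}
    for f in triage(SAMPLE_LOG):
        also = "  (also under 'Files to move or delete')" if f.detail.lower() in listed else ""
        print(f"{f.rule:22} {f.hive:12} {f.detail}{also}")
```
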

17.07.2013, 20:18   #3
TobiB

Thanks for the quick help so far. I have run the fix.
Here is the log file:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-07-2013 03
Ran by SYSTEM at 2013-07-17 20:13:38 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\Tobias\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\Tobias\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Tobias\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Tobias\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
         
__________________

18.07.2013, 03:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Is the computer running normally again after the fix? If so:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

18.07.2013, 09:43   #5
TobiB

It worked.

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03
Ran by Tobias (administrator) on 18-07-2013 09:32:43
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe
(3M Touch Systems, Inc.) C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: {00a339dd-cbcc-11df-b869-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {00a339e0-cbcc-11df-b869-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {00a339f6-cbcc-11df-b869-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {29cc745d-9339-11df-ad55-00269e9d20bb} - G:\AutoRun.exe
MountPoints2: {29cc746b-9339-11df-ad55-00269e9d20bb} - G:\AutoRun.exe
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1912832 2012-10-04] (Dominik Reichl)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {ff88a983-649d-4207-9336-9b999280b436} -  No File
HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
SearchScopes: HKCU - {643B9224-F29B-4E9A-A9FA-F3C35CEA6F43} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SFT_de3 Toolbar - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - SFT_de3 Toolbar - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default Manager - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\DefaultManager@Microsoft
FF Extension: SFT_de3 Community Toolbar - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\{ff88a983-649d-4207-9336-9b999280b436}
FF Extension: zotero - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\Extensions\zotero@chnm.gmu.edu.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$COCHLEAR; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 TwDrvService; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe [183296 2010-09-08] (3M Touch Systems, Inc.)
R2 TwRegSvc; C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe [44544 2009-11-12] (3M Touch Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 TwBus; C:\Windows\System32\DRIVERS\TwBus.sys [18856 2010-03-01] (3M)
S3 TwTouch; C:\Windows\System32\DRIVERS\TwTouch.sys [112640 2011-05-05] (3M)
S3 fireface; system32\drivers\fireface_64.sys [x]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 21:44 - 2013-07-16 21:44 - 00000000 ____D C:\FRST
2013-07-04 18:43 - 2013-07-04 18:43 - 00000000 ____D C:\.Trash-1000
2013-07-04 16:39 - 2013-07-04 16:39 - 01048576 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.2.regtrans-ms.back
2013-07-04 16:39 - 2013-07-04 16:39 - 01048576 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.1.regtrans-ms.back
2013-07-04 16:39 - 2013-07-04 16:39 - 01048576 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.0.regtrans-ms.back
2013-07-04 16:39 - 2013-07-04 16:39 - 00065536 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.blf.back
2013-07-03 21:13 - 2013-07-04 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 00:19 - 2013-06-30 00:19 - 21561344 _____ C:\Users\Tobias\Desktop\BigBeat.wav
2013-06-27 17:59 - 2013-06-27 17:59 - 00000000 ____D C:\Users\Tobias\AppData\Local\{CCCD344E-EABD-41EF-94B7-C42B34223EB8}
2013-06-26 20:30 - 2013-06-26 20:30 - 00000000 ____D C:\Users\Tobias\AppData\Local\{E5CC9112-DBD4-4331-A3CF-95058D3209EB}
2013-06-25 19:56 - 2013-06-25 19:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 19:52 - 2013-06-25 19:52 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\AVS4YOU
2013-06-25 19:52 - 2013-06-25 19:52 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-25 19:51 - 2012-12-17 15:12 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-25 19:51 - 2012-12-17 15:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2013-06-25 19:50 - 2013-06-25 19:54 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-25 19:36 - 2013-06-25 19:56 - 00000000 ____D C:\Users\Tobias\Documents\SelfMV
2013-06-23 22:15 - 2013-06-28 03:04 - 00000000 ____D C:\Users\Tobias\Desktop\DSH
2013-06-22 01:53 - 2013-06-22 01:53 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-22 01:53 - 2013-06-22 01:53 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Tobias\Documents\samsung
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Samsung
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Tobias\AppData\Local\Samsung
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-22 01:51 - 2013-06-22 01:51 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-22 01:48 - 2013-05-22 20:43 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-06-22 01:48 - 2013-05-22 20:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-06-22 01:47 - 2013-06-22 01:51 - 00000000 ____D C:\ProgramData\Samsung
2013-06-22 01:47 - 2013-06-22 01:51 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-22 01:37 - 2013-06-22 01:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\Downloaded Installations
2013-06-22 01:23 - 2013-06-22 10:43 - 00000000 ____D C:\Program Files (x86)\No23 Recorder
2013-06-22 01:23 - 2013-06-22 01:23 - 00001061 _____ C:\Users\Public\Desktop\No23 Recorder.lnk
2013-06-22 01:23 - 2013-06-22 01:23 - 00000000 ____D C:\ProgramData\Caphyon

==================== One Month Modified Files and Folders =======

2013-07-18 09:31 - 2010-04-28 04:46 - 01753858 _____ C:\Windows\WindowsUpdate.log
2013-07-18 09:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-18 09:31 - 2009-07-14 06:51 - 00101331 _____ C:\Windows\setupact.log
2013-07-16 21:49 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 21:49 - 2009-07-14 06:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 21:47 - 2009-07-14 19:58 - 00761260 _____ C:\Windows\system32\perfh007.dat
2013-07-16 21:47 - 2009-07-14 19:58 - 00173350 _____ C:\Windows\system32\perfc007.dat
2013-07-16 21:47 - 2009-07-14 07:13 - 01808512 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-16 21:44 - 2013-07-16 21:44 - 00000000 ____D C:\FRST
2013-07-16 21:42 - 2013-03-04 22:17 - 00128488 _____ C:\Users\Polina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-16 21:41 - 2013-03-04 22:17 - 00000000 ___RD C:\Users\Polina\Virtual Machines
2013-07-04 19:17 - 2010-04-28 04:58 - 00000000 ___RD C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-04 18:43 - 2013-07-04 18:43 - 00000000 ____D C:\.Trash-1000
2013-07-04 17:01 - 2009-07-14 04:34 - 18874368 _____ C:\Windows\system32\config\SYSTEM.back
2013-07-04 17:01 - 2009-07-14 04:34 - 112197632 _____ C:\Windows\system32\config\SOFTWARE.back
2013-07-04 17:01 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.back
2013-07-04 17:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.back
2013-07-04 17:01 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.back
2013-07-04 16:40 - 2012-07-30 12:21 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Skype
2013-07-04 16:40 - 2010-04-28 20:05 - 00000000 ___RD C:\Users\Tobias\Documents\My Dropbox
2013-07-04 16:40 - 2010-04-28 20:03 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Dropbox
2013-07-04 16:39 - 2013-07-04 16:39 - 01048576 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.2.regtrans-ms.back
2013-07-04 16:39 - 2013-07-04 16:39 - 01048576 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.1.regtrans-ms.back
2013-07-04 16:39 - 2013-07-04 16:39 - 01048576 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.0.regtrans-ms.back
2013-07-04 16:39 - 2013-07-04 16:39 - 00065536 ___SH C:\Windows\system32\config\components{72dadbf0-16df-11e2-9568-00269e9d20bb}.TxR.blf.back
2013-07-04 16:39 - 2009-07-14 04:34 - 51118080 _____ C:\Windows\system32\config\components.back
2013-07-04 16:05 - 2012-07-16 00:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 14:13 - 2013-07-03 21:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 14:13 - 2012-04-27 06:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 11:54 - 2012-10-15 17:50 - 00065536 ___SH C:\Windows\system32\config\components{72dadbf1-16df-11e2-9568-00269e9d20bb}.TM.blf.back
2013-07-03 19:06 - 2010-10-26 12:28 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0CA5BF6D-E052-4ADB-A7C2-6ED8E8532722}
2013-06-30 00:19 - 2013-06-30 00:19 - 21561344 _____ C:\Users\Tobias\Desktop\BigBeat.wav
2013-06-28 03:04 - 2013-06-23 22:15 - 00000000 ____D C:\Users\Tobias\Desktop\DSH
2013-06-27 20:05 - 2013-06-12 21:27 - 00000000 ____D C:\Users\Tobias\Desktop\Diamentenindustry
2013-06-27 17:59 - 2013-06-27 17:59 - 00000000 ____D C:\Users\Tobias\AppData\Local\{CCCD344E-EABD-41EF-94B7-C42B34223EB8}
2013-06-27 09:57 - 2010-05-01 16:37 - 00000284 _____ C:\Windows\matlab.ini
2013-06-27 09:13 - 2010-05-01 16:37 - 00000000 ____D C:\Users\Tobias\Documents\MATLAB
2013-06-26 20:30 - 2013-06-26 20:30 - 00000000 ____D C:\Users\Tobias\AppData\Local\{E5CC9112-DBD4-4331-A3CF-95058D3209EB}
2013-06-26 19:09 - 2010-04-29 11:34 - 00059294 _____ C:\Windows\PFRO.log
2013-06-26 19:09 - 2009-07-14 06:45 - 00460504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-06-25 19:56 - 2013-06-25 19:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 19:56 - 2013-06-25 19:36 - 00000000 ____D C:\Users\Tobias\Documents\SelfMV
2013-06-25 19:54 - 2013-06-25 19:50 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-25 19:52 - 2013-06-25 19:52 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\AVS4YOU
2013-06-25 19:52 - 2013-06-25 19:52 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-25 19:52 - 2010-04-28 05:03 - 00128488 _____ C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 22:19 - 2013-02-08 15:47 - 00000000 ____D C:\Users\Tobias\Desktop\Polina
2013-06-22 10:43 - 2013-06-22 01:23 - 00000000 ____D C:\Program Files (x86)\No23 Recorder
2013-06-22 01:53 - 2013-06-22 01:53 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-22 01:53 - 2013-06-22 01:53 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Tobias\Documents\samsung
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Samsung
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Tobias\AppData\Local\Samsung
2013-06-22 01:53 - 2013-06-22 01:53 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-22 01:51 - 2013-06-22 01:51 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-22 01:51 - 2013-06-22 01:47 - 00000000 ____D C:\ProgramData\Samsung
2013-06-22 01:51 - 2013-06-22 01:47 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-22 01:48 - 2010-04-28 13:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-22 01:37 - 2013-06-22 01:37 - 00000000 ____D C:\Users\Tobias\AppData\Local\Downloaded Installations
2013-06-22 01:23 - 2013-06-22 01:23 - 00001061 _____ C:\Users\Public\Desktop\No23 Recorder.lnk
2013-06-22 01:23 - 2013-06-22 01:23 - 00000000 ____D C:\ProgramData\Caphyon

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 14:28

==================== End Of Log ============================
         
--- --- ---


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 03
Ran by Tobias at 2013-07-18 09:34:00
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.10 (x64 edition) (Version: 9.10.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Application Verifier (x64) (Version: 4.1.1078)
ASIO4ALL (x32 Version: 2.10 Beta 1)
Aspell 0.6 Dictionary (Language: de) (x32)
Aspell Data (x32)
Audacity 1.2.6 (x32)
CodeSite 4.1 Tools (x32 Version: 4.0)
Conduit Engine  (x32 Version: )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64) (Version: 10.5.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Deutsch für Russischsprachige 3.1 (x32)
DivX-Setup (x32 Version: 2.4.1.4)
Dropbox (HKCU Version: 2.0.22)
EAGLE 6.4.0 (x32 Version: 6.4.0)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google SketchUp 7 (x32 Version: 2.1.6863)
GPL Ghostscript (Version: 9.06)
GPL MPEG-1/2 DirectShow Decoder Filter (x32 Version: 0.1.2)
GSview 5.0 (Version: 5.0)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091) (x32 Version: 1)
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674) (x32 Version: 1)
HP MediaSmart Webcam (x32 Version: 4.0.2626)
HP Product Detection (x32 Version: 10.7.9.0)
HP Product Detection (x32 Version: 11.15.0004)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 18 (x32 Version: 6.0.180)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (Version: 1.7.0.20)
JavaFX 2.0.2 (64-bit) (Version: 2.0.2)
JavaFX 2.0.2 SDK (64-bit) (Version: 2.0.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KeePass Password Safe 2.20.1 (x32)
Live 4.0.3 (x32)
MATLAB Student R2007a (x32 Version: 7.4)
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (Version: 5.0.0)
maxdome Download Manager 4.1.300.78 (x32 Version: 4.1.30078)
Mendeley Desktop 1.8 (x32 Version: 1.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Device Emulator (64 Bit) Version 3.0 - DEU (Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 (x32)
Microsoft Document Explorer 2008 Language Pack - DEU (x32 Version: 9.0.21022)
Microsoft Document Explorer 2008 Language Pack - DEU (x32)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (HKCU Version: 16.4.6010.0727)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (COCHLEAR) (x32 Version: 9.4.5000.00)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices DEU (x32 Version: 3.5.5386.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (x32 Version: 1.2.0.0)
Microsoft SQL Server Management Objects Collection  (Version: 9.00.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32 Version: 8.0.50727.42)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (x32)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32 Version: 9.0.21022)
Microsoft Visual Studio 2008 Professional Edition - DEU (x32)
Microsoft Visual Studio 2008 Remote Debugger - DEU
Microsoft Visual Studio 2008 Remote Debugger - DEU (Version: 9.0.21022)
Microsoft Visual Studio Web Authoring Component (x32 Version: 12.0.4518.1066)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
MiKTeX 2.9 (x32 Version: 2.9)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MP3 Generator 1.1 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
MT 7.13 Build 3 for Windows (x32)
MyFreeCodec (HKCU)
Native Instruments Abbey Road 60s Drums (Version: 1.2.0.003)
Native Instruments Abbey Road 60s Drums (x32)
Native Instruments Absynth 5 (x32)
Native Instruments Battery 3 (Version: 3.2.2.633)
Native Instruments Battery 3 (x32)
Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003)
Native Instruments Battery Library Importer for Maschine (x32)
Native Instruments Berlin Concert Grand (Version: 1.3.0.004)
Native Instruments Berlin Concert Grand (x32)
Native Instruments FM8 (Version: 1.2.0.1016)
Native Instruments FM8 (x32)
Native Instruments Guitar Rig 5 (Version: 5.0.0.2354)
Native Instruments Guitar Rig 5 (x32)
Native Instruments Komplete 8 (Version: 8.0.0.001)
Native Instruments Komplete 8 (x32)
Native Instruments Kontakt 5 (Version: 5.0.0.5133)
Native Instruments Kontakt 5 (x32)
Native Instruments Kontakt Factory Library (Version: 1.0.0.004)
Native Instruments Kontakt Factory Library (x32)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Massive (x32)
Native Instruments New York Concert Grand (Version: 1.3.0.004)
Native Instruments New York Concert Grand (x32)
Native Instruments Rammfire (Version: 1.1.0.003)
Native Instruments Rammfire (x32)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor 5 (x32)
Native Instruments Reaktor Prism (Version: 1.2.0.005)
Native Instruments Reaktor Prism (x32)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Reaktor Spark R2 (x32)
Native Instruments Reflektor (Version: 1.2.0.003)
Native Instruments Reflektor (x32)
Native Instruments Scarbee MM-Bass (Version: 1.2.0.006)
Native Instruments Scarbee MM-Bass (x32)
Native Instruments Scarbee Vintage Keys (Version: 1.1.0.002)
Native Instruments Scarbee Vintage Keys (x32)
Native Instruments Service Center (Version: 2.2.6.676)
Native Instruments Service Center (x32)
Native Instruments Studio Drummer (Version: 1.0.0.005)
Native Instruments Studio Drummer (x32)
Native Instruments The Finger R2 (Version: 1.1.0.004)
Native Instruments The Finger R2 (x32)
Native Instruments Traktors 12 (Version: 1.1.0.002)
Native Instruments Traktors 12 (x32)
Native Instruments Transient Master (Version: 1.0.0.004)
Native Instruments Transient Master (x32)
Native Instruments Upright Piano (Version: 1.3.0.004)
Native Instruments Upright Piano (x32)
Native Instruments Vienna Concert Grand (Version: 1.3.0.003)
Native Instruments Vienna Concert Grand (x32)
Native Instruments Vintage Organs (Version: 1.1.0.007)
Native Instruments Vintage Organs (x32)
Native Instruments West Africa (Version: 1.1.0.004)
Native Instruments West Africa (x32)
No23 Recorder (x32 Version: 2.1.0.3)
ON-Drucker-Software
Samsung Kies (x32 Version: 2.5.3.13052_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
SFT_de3 Toolbar (x32 Version: 6.3.8.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.107)
SumatraPDF (x32 Version: 2.2.1)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
TeXnicCenter System Update 1.0 (x32 Version: 1.0)
TeXnicCenter Version 1.0 Stable RC1 (x32 Version: Version 1.0 Stable RC1)
Tools für Microsoft SQL Server 2005 Express Edition (x32 Version: 9.4.5000.00)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 System (KB2539530) (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221) (x32 Version: 1)
VC Runtimes MSI (x32 Version: 9.0.21022)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022)
Visual Studio Tools for the Office system 3.0 Runtime (x32)
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU (x32 Version: 9.0.21022)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)

==================== Restore Points  =========================

15-06-2013 00:00:07 Windows Update
18-06-2013 19:27:22 Windows Update
21-06-2013 19:56:45 Windows Update
21-06-2013 23:23:25 No23 Recorder wird installiert
21-06-2013 23:46:28 Installed Samsung Kies
24-06-2013 22:04:38 Windows Update
28-06-2013 04:59:51 Windows Update
01-07-2013 20:06:15 Windows Update
03-07-2013 17:07:24 Microsoft Antimalware Checkpoint
16-07-2013 19:43:06 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {156F29D0-B310-4DD1-89A1-62BDB99706A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {1D57683C-C885-490A-BFDF-1A42DA94B7F3} - System32\Tasks\{0D51683E-F29C-43E5-95DF-1FA33B74CE94} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {3821829E-4F01-407C-94DF-2D56D2A9FAE0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {4E544669-8702-4870-81A6-D119E19AC424} - System32\Tasks\{AD3E996E-AFD1-4B44-9FC3-83F3E0BF9927} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {51E75A13-69EA-490B-9A34-CE54C8F7822F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {6247C288-50DD-4F45-9B0F-E88B9480C096} - System32\Tasks\{3DC8C303-0DD4-47ED-A7E9-6D2AC392AB87} => C:\Program Files (x86)\ICQ7.1\ICQ.exe No File
Task: {704D61AF-FFA9-4A8B-8F99-2C406F8219FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {71780C7B-1CC0-4D0F-877C-EC4EEFF91A41} - System32\Tasks\{FCFC0FDC-5938-44A8-BF00-580B059C5E49} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {73B151DF-B5B0-42A6-BDA9-7CEC8979F165} - System32\Tasks\{EEE4D6D5-C4D2-4238-B2D8-024876E444A3} => C:\F5U103ea driver\Windows\F5U103 Driver Installer.exe No File
Task: {7B9D3D22-51FD-440E-A606-A82E27F14319} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {82B87CB9-FB41-4BD3-8BF2-AC01AE88C358} - System32\Tasks\{7C4DDAAA-9157-4B8E-80CB-D339D89ABC2F} => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe No File
Task: {9AE3C567-ECFC-4799-9814-DA0203136294} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {A88D662E-D26E-4D00-9FEC-DE200BBA93D1} - System32\Tasks\User_Feed_Synchronization-{0CA5BF6D-E052-4ADB-A7C2-6ED8E8532722} => C:\Windows\system32\msfeedssync.exe [2013-03-15] (Microsoft Corporation)
Task: {ACB3AA81-827D-4C62-A387-786954AC4E54} - System32\Tasks\{2B18F5D9-AB96-4F6A-B627-720238125F8B} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {BBA7DCE5-9DDD-48B0-8671-8C55F799DF58} - System32\Tasks\{02F64619-AE2E-4876-9C46-583D362F9F94} => C:\Program Files (x86)\ICQ7.1\ICQ.exe No File
Task: {C23AA155-824F-41B7-B7E8-FD99F1967E1F} - System32\Tasks\{9E4C3FB2-B8CD-4F61-90EB-270A4FF28057} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {CF3D2420-A667-40A2-A44D-B60D2D1EA872} - System32\Tasks\{5092381F-FB5D-4BE1-AC24-207663249B1D} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {DA081B48-CA8E-43FC-96E3-54B1C6A14025} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {E29C1CED-2E62-4DAA-B60B-B6E0E1E463F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {EEDA3671-4282-4FCA-9668-B28E18A17481} - System32\Tasks\{30F1C96E-40EA-4788-AD17-E2C7C6E52F6D} => C:\Windows\System32\fireface.exe [2011-05-03] (RME)
Task: {F56C4B64-477C-4D42-9FC3-BD25DFF12478} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2013 07:07:24 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {a53d51ee-9edd-4399-93dd-ed1646f5773f}

Error: (07/01/2013 00:10:06 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/30/2013 11:56:24 PM) (Source: Application Hang) (User: )
Description: Programm Live 4.0.3.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 245c

Startzeit: 01ce75dc73df4531

Endzeit: 8

Anwendungspfad: C:\Program Files (x86)\Ableton\Live 4.0.3\Program\Live 4.0.3.exe

Berichts-ID: e55e2a8b-e1cf-11e2-95da-00269e9d20bb

Error: (06/30/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/23/2013 08:36:08 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/22/2013 10:37:23 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/22/2013 01:56:26 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8

Error: (06/22/2013 01:56:25 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8

Error: (06/16/2013 08:30:59 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/14/2013 11:31:23 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (07/18/2013 09:31:52 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 105.0.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/18/2013 09:31:52 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.153.1171.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/18/2013 09:31:52 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.153.1171.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/18/2013 09:31:52 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.153.1171.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.2.0223.00

	Quellpfad: 4.2.0223.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (07/18/2013 09:31:31 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/18/2013 09:31:31 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/17/2013 08:04:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147467243

Error: (07/17/2013 08:04:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1115

Error: (07/17/2013 08:04:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Zugriff auf Eingabegeräte" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1115

Error: (07/17/2013 08:04:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1115


Microsoft Office Sessions:
=========================
Error: (07/03/2013 07:07:24 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {a53d51ee-9edd-4399-93dd-ed1646f5773f}

Error: (07/01/2013 00:10:06 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/30/2013 11:56:24 PM) (Source: Application Hang)(User: )
Description: Live 4.0.3.exe1.0.0.1245c01ce75dc73df45318C:\Program Files (x86)\Ableton\Live 4.0.3\Program\Live 4.0.3.exee55e2a8b-e1cf-11e2-95da-00269e9d20bb

Error: (06/30/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/23/2013 08:36:08 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/22/2013 10:37:23 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/22/2013 01:56:26 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8 
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (06/22/2013 01:56:25 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8 
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (06/16/2013 08:30:59 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (06/14/2013 11:31:23 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4092.2 MB
Available physical RAM: 2377.44 MB
Total Pagefile: 8182.58 MB
Available Pagefile: 6433.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.93 GB) (Free:12.2 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (MICROSD) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=1 Partition=1)
Drive f: (Kindle) (Removable) (Total:3.26 GB) (Free:2.94 GB) FAT32 (Disk=2 Partition=1)
Drive k: (Kontakt) (Fixed) (Total:97.66 GB) (Free:26.29 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F1F61A28)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=93 GB) - (Type=05)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

========================================================
Disk: 2 (Size: 3 GB) (Disk ID: 00000003)
Partition 1: (Not Active) - (Size=3 GB) - (Type=0B)

==================== End Of Log ============================
         


18.07.2013, 21:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Why do you have a Professional edition of Windows? Do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?


Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (random file name)
  • Close all other programs, deactivate your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Having problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

18.07.2013, 23:28   #7
TobiB


I use the computer for private purposes only. There was no particular reason for Windows 7 Professional. mbar.exe found nothing.

Log files: Gmer.txt
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-18 22:40:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC70E 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\uwdiipod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\maxdome\DCBin\DCService.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000763d1465 2 bytes [3D, 76]
.text   C:\Program Files (x86)\maxdome\DCBin\DCService.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000763d14bb 2 bytes [3D, 76]
.text   ...                                                                                                                                  * 2
.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2128] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000763d1465 2 bytes [3D, 76]
.text   c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2128] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000763d14bb 2 bytes [3D, 76]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           00000000763d1465 2 bytes [3D, 76]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000763d14bb 2 bytes [3D, 76]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3724] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint           000000007749000c 1 byte [C3]
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3724] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin      000000007751f85a 5 bytes JMP 00000001774cd571
?       C:\Windows\system32\mssprxy.dll [3964] entry point in ".rdata" section                                                               0000000074ab71e6
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000763d1465 2 bytes [3D, 76]
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000763d14bb 2 bytes [3D, 76]
.text   ...                                                                                                                                  * 2
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000763d1465 2 bytes [3D, 76]
.text   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000763d14bb 2 bytes [3D, 76]
.text   ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1836]                                              00000000774d3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1860]                                              00000000774d2e25
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1912]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1916]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1920]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1932]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1936]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1952]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1992]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1996]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2004]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2020]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2036]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2044]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1080]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1088]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:544]                                               00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1100]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1304]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1436]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1564]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1832]                                              00000000774d3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2592]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3092]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3116]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3124]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3184]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3200]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3232]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3236]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:4888]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:4892]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1896]                                              00000000774d3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1904]                                              00000000774d2e25
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1924]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1928]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1940]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1956]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1960]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1968]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2008]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2012]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2016]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1156]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1160]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1308]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1364]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1424]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1636]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:324]                                               00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1756]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1872]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1784]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2080]                                              00000000774d3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2428]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2548]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1404]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1388]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:3256]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2556]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2696]                                              00000000735d29e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:3024]                                              00000000735d29e1
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2944:2568]                                                               0000000076f97587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2944:2852]                                                               0000000074a60cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2944:3480]                                                               00000000774d2e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2944:2220]                                                               00000000774d3e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2944:2792]                                                               00000000774d3e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2944:4640]                                                               00000000774d3e45

---- Registry - GMER 2.1 ----

Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}                      
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}@iahmmpndnkddaailhl   0x6B 0x61 0x64 0x6E ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}@hanmgomjbcdchnod     0x6B 0x61 0x64 0x6E ...

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Tobias :: TOBIAS-PC [administrator]

18.07.2013 22:50:46
mbar-log-2013-07-18 (22-50-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 317960
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Edited by TobiB (18.07.2013 at 23:32). Reason: double-posted

Alt 18.07.2013, 23:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users (Scanne alle Benutzer)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.07.2013, 00:13   #9
TobiB
 

I ran GMER again with a random file name:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-18 23:49:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC70E 298,09GB
Running: pimnfs1e.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\uwdiipod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                   fffff800031ac000 45 bytes [00, 10, 70, 0A, A0, F8, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                   fffff800031ac02f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\maxdome\DCBin\DCService.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000763d1465 2 bytes [3D, 76]
.text     C:\Program Files (x86)\maxdome\DCBin\DCService.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000763d14bb 2 bytes [3D, 76]
.text     ...                                                                                                                                  * 2
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2128] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000763d1465 2 bytes [3D, 76]
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2128] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000763d14bb 2 bytes [3D, 76]
.text     ...                                                                                                                                  * 2
.text     C:\Program Files (x86)\Samsung\Kies\Kies.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           00000000763d1465 2 bytes [3D, 76]
.text     C:\Program Files (x86)\Samsung\Kies\Kies.exe[3632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000763d14bb 2 bytes [3D, 76]
.text     ...                                                                                                                                  * 2
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3724] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint           000000007749000c 1 byte [C3]
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3724] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin      000000007751f85a 5 bytes JMP 00000001774cd571
.text     C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000763d1465 2 bytes [3D, 76]
.text     C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000763d14bb 2 bytes [3D, 76]
.text     ...                                                                                                                                  * 2
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000763d1465 2 bytes [3D, 76]
.text     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000763d14bb 2 bytes [3D, 76]
.text     ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1836]                                              00000000774d3e45
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1860]                                              00000000774d2e25
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1912]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1916]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1920]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1932]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1936]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1952]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1992]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1996]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2004]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2020]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2036]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2044]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1080]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1088]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:544]                                               00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1304]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1436]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1564]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:1832]                                              00000000774d3e45
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:2592]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:3092]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:4888]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [1808:4892]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1896]                                              00000000774d3e45
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1904]                                              00000000774d2e25
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1924]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1928]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1940]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1956]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1960]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1968]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2008]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2012]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2016]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1156]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1160]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1308]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1364]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1424]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1872]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1784]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2080]                                              00000000774d3e45
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2428]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:2548]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1404]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:1388]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:3256]                                              00000000735d29e1
Thread    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1852:3024]                                              00000000735d29e1

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}                      
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}@iahmmpndnkddaailhl   0x6B 0x61 0x64 0x6E ...
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9A794B0-50CB-998D-FB1B-369BD2DE927B}@hanmgomjbcdchnod     0x6B 0x61 0x64 0x6E ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 19.07.2013, 00:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Why GMER again? I didn't want that log.

Alt 19.07.2013, 01:08   #11
TobiB
 

Sorry, I thought it absolutely had to be run with a random name.
Here are the logs:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Professional x64
Ran by Tobias on 19.07.2013 at  0:17:14,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3031778
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tobias\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Tobias\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Tobias\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\autocompletepro"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{02F7BFF5-C83D-4AB9-B635-89FC632C7EB4}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{0602542A-2BF8-4B9D-A2B7-6F4900527BE4}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{0F909FA9-D479-4366-B7B3-153421F89610}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{115490CA-23B1-4345-89D6-02FD699F2F90}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{1259CD14-09D4-4C42-A8D5-C8A5433CF4D8}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{12FED79A-8731-49BC-A329-7567AFD04D0D}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{1873FA13-D84C-4D08-882C-919D50E09976}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{1D9A6F27-953F-4974-B037-58E1E3A7E50C}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{204D8BFB-795A-4C46-8A73-1A802625E736}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{21AC7C84-4C5D-457C-9689-929C12A70868}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{26633055-2E72-406E-BA83-BBC7E98EF206}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{28FA4266-895F-480A-9717-249A0F659C51}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{29F240D1-9CC7-4271-9540-DB6A72120803}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{30962682-7D35-4AB0-8D12-6D2640C54B2B}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{35661D91-56F6-4A88-A095-FDD203A8DFB8}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{39D742B7-448C-4A31-86FB-32A96808D8E6}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{3AAD316F-5EAF-4F7C-8EA8-FB544BD6D13B}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{3AECF09B-09AD-4BDD-BC97-A3E6FBF0D45F}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{3B41E7F3-20C3-4AD4-942B-08205F6799D3}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{3F57A44F-7FFD-4A28-9D62-CFE99CFA9DA9}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{400624ED-2228-4B4A-9D4C-ABF90D7344C1}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{405D2399-5FE0-434A-BA62-F14DF9809EC6}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{408E6910-91D1-46BC-A23C-29C96CD25915}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{41FD06B3-2240-41D2-897B-D28E40452847}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{42D90330-1028-4CB7-9C3F-513849CD488F}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{48E98062-1F39-4A82-BC19-075BD24F5C15}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{4B1C8D04-DD35-48AF-B9F9-FA1159F821EA}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{4BC3B035-D1AF-4462-92CF-123DFCAC29CE}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{549016B4-60B3-4593-B531-80B726ACCBE2}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{551B8800-A792-4FBD-8138-A592E8B124B9}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{55305282-5924-4E74-959D-157DBBDF74DD}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{56A85047-F001-4D9C-99C4-67CFCA2ADAA6}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{5976A7AB-6477-433E-B6E7-C91122374361}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{5AEB9A6C-0430-461B-B695-15765BAA3611}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{5C003D7B-939A-482A-84B3-6CDE1E18D8A5}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{5C0DEB19-A2F8-401F-BFE3-6E0D4DAE0869}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{647CF0E4-207E-455B-9B8D-5432D9991C85}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{64BE8C8A-EFDA-4EA8-91AC-71BD309059A2}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{676553BB-AC2B-4E3B-9014-088CA693D153}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{72F87A77-FB5D-44E3-9098-14EE1328B6FA}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{73DF5EBE-D949-40EE-BE42-7CDB0FC5E4B4}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{767DDB89-65D5-42C8-AC69-1CF8795B1B40}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{76A2D1D7-D515-4B77-BAF4-6173CD5E0349}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{76F47267-9605-4DDD-BBA3-F9475E437AF5}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{78EB6B6B-A74B-4928-875D-E197EAC6504A}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{79278476-C709-45E7-ADC9-A211EC4018CF}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{7E7FE326-DDBA-4CF5-81AD-47D233C483EE}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{7FA5415C-9EAC-4F2E-B3E8-60BD6052146B}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{80F79A36-EA3B-4E2F-A668-7DA061A13F88}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{81AB7F83-FC25-4E01-8E7B-E57A5D940B53}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{84D3AB9B-CAC1-4A36-9E1D-AB7BD3DEBAA5}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{86E7C9FC-C40C-4C34-B9B3-B05245EC0B27}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{88FD6D59-A880-41D6-9DDD-BC5E0F946700}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{8E6D0149-07EC-489E-97D4-442C43EB39D0}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{95D911B1-B140-42DC-A775-738C6B5C2B8C}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{980C0C15-1DA5-41C1-BC5D-7CCC516E20C9}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{981BC9BE-BB93-436E-A2B9-DFCCE60614AF}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{9AAAB27F-4BAD-4138-BF9E-362DE65DBD1E}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{9AAB4A4C-C797-4A02-BA79-07A997EE5371}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{9D328284-402C-4E7B-952A-6823FB9B2AD3}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{A2B80EA9-0010-4D22-8CB8-1FD104C15091}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{A32D919D-7F85-43B5-A3B1-1FE308B177B8}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{A3B7C73B-443A-43DF-B137-498253D623CB}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{AB4DEED0-C7F7-4A45-8A28-E4A874F7CA6D}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{AD937D84-3A49-47B1-8AB1-101E9E5A3CBF}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{AE104CB3-64EE-4AC0-B648-6B4D0BED8638}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{B27C7F72-B640-49EB-85EA-F93DD0FCDA13}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{B35DAC6F-DD95-4588-BDAB-07164F67E17F}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{B8EF8C6D-CD06-4207-8CDD-49B6624D8F73}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{BA2487ED-41A6-4D13-9415-1A800842F257}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{BA8B9322-51B6-470C-A6F8-AAD156A58E53}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{BBB6C2ED-B5AE-4054-A0C1-3A2693BE8F1B}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{BE56C35B-2839-4C7A-BB99-78D4A3F78C9E}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{CCCD344E-EABD-41EF-94B7-C42B34223EB8}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{CD0634FF-F9EE-4C32-88C1-43846915EDE7}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{CE44747D-5112-4EF7-B05B-718FA74939C5}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{CE4A9008-5B36-45E1-BF59-415E65CC1A5F}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{CEC13D43-707B-450B-94AE-8A28C53EBCD4}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{CEEC725D-8F2D-43DB-9FFB-2A63887822CF}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{D12697A4-D851-4A8A-8EA2-B8D777BF1D22}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{D7821216-304C-4ABE-B975-66F6B7612C79}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{D81306D5-7E41-41CD-9EFA-7FC1BFB8F124}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{DE1ADDE4-472E-49AE-9A32-B1AA9002320B}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{DFAA66C0-566C-408A-BF63-8106592553F2}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{E10B7221-62EB-431B-B636-EDDB765E6897}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{E5CC9112-DBD4-4331-A3CF-95058D3209EB}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{E9632DAB-02D2-4631-A18D-1CDD0F6EA73A}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{E9C69E97-E296-4294-946D-D4DA8B5C3FE0}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{ED66322F-8965-46F5-865D-10BAB99523B5}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{EF5F87BC-CA2D-4DFF-968D-EE18CCEA19D3}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{F646412B-CF64-4943-A488-328470BA2BBC}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{F7378C2F-E364-4D55-B47C-4EDCB3C819DC}
Successfully deleted: [Empty Folder] C:\Users\Tobias\appdata\local\{FCB2808D-F010-46B0-937A-5E82DB6BACD5}



~~~ FireFox

Emptied folder: C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\gh1ag6rt.default\minidumps [241 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2013 at  0:23:38,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.305 - Datei am 19/07/2013 um 00:27:20 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Tobias - TOBIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008-Dokumentation.lnk
Ordner Gelöscht : C:\Program Files (x86)\SFT_de3
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Polina\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Polina\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Polina\AppData\LocalLow\SFT_de3
Ordner Gelöscht : C:\Users\Tobias\AppData\LocalLow\SFT_de3
Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SFT_de3
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d72520cb767454006c3f77a01e6254fa
Schlüssel Gelöscht : HKLM\Software\SFT_de3
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BE5E5AC1-9926-4F3D-B850-8923E652A79E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23743E3F-0BFD-43B2-A011-B30926B0AFCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{472A2D65-2021-4C4E-9993-895A5F45480D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF88A983-649D-4207-9336-9B999280B436}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SFT_de3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FF88A983-649D-4207-9336-9B999280B436}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FF88A983-649D-4207-9336-9B999280B436}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FF88A983-649D-4207-9336-9B999280B436}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\gh1ag6rt.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Polina\AppData\Roaming\Mozilla\Firefox\Profiles\om8cmijr.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5830 octets] - [19/07/2013 00:27:20]

########## EOF - C:\AdwCleaner[S1].txt - [5890 octets] ##########
         
Code:
OTL Extras logfile created on: 19.07.2013 00:57:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobias\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,99% Memory free
7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 106,93 Gb Total Space | 12,25 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
Drive D: | 1,86 Gb Total Space | 1,86 Gb Free Space | 99,90% Space Free | Partition Type: FAT
Drive K: | 97,66 Gb Total Space | 26,29 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087C46C6-4573-4623-AF66-2B17B71CC6BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22D29FF6-0235-45E8-9881-DBFFA9ABBB53}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2414118F-3727-42B3-ABE4-CDAC3C8EE8B2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2ED9B469-E981-4C67-9835-156718522129}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{30EC286A-9EB3-44C5-A154-AA83FC6A5BD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{38C23B5B-6483-40FA-AE08-58E606D5113E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DF99CEC-2F74-4BFE-8DD6-5CC08D5C3B1D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4345F315-5B3C-424C-8D32-4AB6AE8CE01F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{44BE97DE-EEB0-4539-B85A-35BEB09541B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{44F05661-22E7-4BFA-B21C-321A7078F159}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A98AE56-72F5-405E-ABA9-A4823A2CA512}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4EC84A86-EB24-4C9A-ABBD-D06729CAFE2C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{55E8D9CB-8AA3-4E5A-9613-C86FF8F81057}" = lport=138 | protocol=17 | dir=in | app=system | 
"{682023DB-56DB-4A22-B20D-37AAAFF312F1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C136CD1-3F50-48D0-902E-0AA27A736D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7CF9EE7B-96EA-4613-A6E1-6A545E9B1758}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{90744415-2495-4268-8353-1655C945E1BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{92D4AEB3-9EE4-4DA1-92AE-EE8908B92643}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B923F24-0EA3-4833-8D74-A44693DBC969}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E3651EA-1EE0-47F3-9EDB-5068199DBEB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A05B11BD-84F4-4B57-9B28-0720BC704532}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B2435079-99CE-4805-A075-0674F2896D54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B82D40CD-63E6-4091-91E1-02EF5903198F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BB633A66-D4AD-44FE-AECE-B15ECA66B7CA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C16A5786-D10A-4670-972C-C3C20D8158E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C26F4E3F-CC4A-425B-9DA1-146F6B550CBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C63AD6F4-14B8-4A2B-B10A-70A68E52FF23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6DA879B-60F0-4FA6-9677-D4F40C60E048}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C9656396-5634-4204-B2FC-7CF9496B1ABC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CA5424E4-B60B-471A-BD96-6163840DE050}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD695796-BB08-49B1-9A0A-75AF56471313}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D84A6D85-AB9D-4E96-9AD9-D7B31AE2CAD6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D9D32345-6481-4364-87FC-25EDC56E7D10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E147CD36-14CB-44FF-8D83-96951EE61520}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E9F27598-4643-46CC-A67C-7E577B2BB920}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F7893D5C-067F-4E7D-AE04-211582486720}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBF2F45-B053-4609-8621-79FCF4DA8481}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F0B37FB-ECFB-4F4E-93A2-4CE24060CB0E}" = protocol=6 | dir=in | app=c:\users\tobias\appdata\local\microsoft\skydrive\skydrive.exe | 
"{2750D22D-54CF-4A8F-BB42-70868DAEB548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AFFCCC6-39DF-4B0A-A0F7-E1C881F9CBAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2B41077B-9849-4C6D-8AFC-0A5266B4C380}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D656EDD-EC6B-492F-9B6E-EC4060BE224F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{345CA2A9-EC8F-4610-AB8E-2BBB961D27E6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{35644946-A07B-474F-B2B2-C2C7826CC249}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{420B4B7E-9D60-4AC4-A71E-6348FD64BE5F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{428B60B6-6E6E-4963-B714-0A1FE8DB5455}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E9FF935-F995-4983-9755-22A49A1C8A4F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5198F223-F32C-4A94-951F-10FB537A0EB7}" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"{5876F567-7230-406C-96A4-17DB3E632179}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6131BF6E-7D3A-486C-A7D9-CC909BBA5854}" = protocol=6 | dir=in | app=c:\users\tobias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{669273A4-15D0-4F15-A56B-737D39E07CB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6810530A-1F25-4532-AF64-FEDF15C7B486}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D5DF154-CDC4-46CA-8F6A-05E823ED440D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6DB5A1C4-40F9-4D0D-8F6A-A3AA8D18DB88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6EE19539-B1CE-44A8-BBAC-18718D861282}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{72B27237-993F-489D-8286-B32574DCD267}" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"{77C975C9-5B9A-4EC8-A9CB-400417C1C9CE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{92813C11-A928-41AD-A132-AD34C25E5143}" = protocol=17 | dir=in | app=c:\users\tobias\appdata\roaming\dropbox\bin\dropbox.exe | 
"{ACE5FED9-EE70-4907-8565-F0BE5E3A5162}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AFED3DDB-ACE9-4D7B-8FD5-1E17B15FE30C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe | 
"{B4E01CA1-2AAC-41AE-B566-6A39B8AD7753}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD8C0216-99CD-489B-A8D7-C4456D97D920}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE64A10A-36E1-486B-8E2F-8D75CD9ED14C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CB6CDBE3-9EBD-4687-A8D8-CFB47600D474}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CD6E92A9-1941-4C06-9F7C-32DAB55A214D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{D16B65C1-8EC8-46EF-97EC-FD4700853DC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1E06E8A-79E8-40BC-BB93-7CD041D8ED2D}" = protocol=6 | dir=out | app=system | 
"{D5058D7E-D8D4-46AF-B2C5-624D550FF90A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8A312BA-4594-4906-BE4C-F4D504FF8E2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DC6597DA-C2E7-419D-9668-E24DDC1CB63A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe | 
"{DD46C122-1992-4BE2-8EE7-0DA9D048FDB9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EB127787-2F5F-4E22-8A00-C71C9AC1D598}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FC2D18E2-3D9D-4F21-B2AC-EA23886A7C31}" = protocol=17 | dir=in | app=c:\users\tobias\appdata\local\microsoft\skydrive\skydrive.exe | 
"{FDD15E3C-804C-4EDE-A87D-B8F8DBC9B314}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{47F77C66-E2E3-405F-A1F8-63AEE4A2A69E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{68F8B515-3511-4759-AAAB-1374AA40B898}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"TCP Query User{6D676AB1-47AD-41FA-9672-6408453494BF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{BA80DFC2-E249-4023-A55E-E7EDB0BAB682}C:\program files (x86)\concept design\onlinetv 6\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 6\onlinetv.exe | 
"TCP Query User{DD3DD86B-E99A-4EB6-88AA-BDC8AAF8DB5F}C:\users\public\counter-strike1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\public\counter-strike1.6\hl.exe | 
"TCP Query User{F548E295-E639-46A0-9C63-C85DAD795FE4}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe | 
"UDP Query User{22B90151-65DC-45ED-8D25-DD4E2AB7089C}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"UDP Query User{3C55BB04-139C-46FF-96C2-9399C6012213}C:\program files (x86)\concept design\onlinetv 6\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\concept design\onlinetv 6\onlinetv.exe | 
"UDP Query User{7C570386-A6EE-4A67-8ABE-3ADCD4A072E5}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe | 
"UDP Query User{87F09D70-22F6-4C55-8E68-4962DC719FC7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{EC452939-23B4-46D9-8A37-A7804AA3A705}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{FFAC0187-2FC1-4E4E-B5B3-F886904CB6CF}C:\users\public\counter-strike1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\public\counter-strike1.6\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer
"{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2CA9F96F-AFFC-4D41-B781-47EBD2378DB8}" = M-Audio Legacy Keyboard Driver 5.0.0 (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism
"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2
"{5D1224E0-6777-4536-9D72-B0E151ED8C99}" = Native Instruments Battery Library Importer for Maschine
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{81387FD1-8CDD-4C1B-A2CB-BF06772092FE}" = Native Instruments Komplete 8
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand
"{88E45461-E8D2-4BCA-BDEC-0405E6FB4817}" = Native Instruments Transient Master
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand
"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2EA2CCC-7920-468F-AD46-F409F97644E0}" = Microsoft SQL Server Management Objects Collection 
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"GPL Ghostscript 9.06" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (COCHLEAR)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BEDA87B-AEA1-4723-811F-3CA47756834F}_is1" = MP3 Generator 1.1
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Audacity_is1" = Audacity 1.2.6
"CodeSite 4.1 Tools" = CodeSite 4.1 Tools
"Deutsch für Russischsprachige_is1" = Deutsch für Russischsprachige 3.1
"DivX Setup.divx.com" = DivX-Setup
"EAGLE 6.4.0" = EAGLE 6.4.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"Live 4.0.3" = Live 4.0.3
"MatlabR2007a" = MATLAB Student R2007a
"Mendeley Desktop" = Mendeley Desktop 1.8
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Battery Library Importer for Maschine" = Native Instruments Battery Library Importer for Maschine
"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Komplete 8" = Native Instruments Komplete 8
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass
"Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Studio Drummer" = Native Instruments Studio Drummer
"Native Instruments The Finger R2" = Native Instruments The Finger R2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Native Instruments Transient Master" = Native Instruments Transient Master
"Native Instruments Upright Piano" = Native Instruments Upright Piano
"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand
"Native Instruments Vintage Organs" = Native Instruments Vintage Organs
"Native Instruments West Africa" = Native Instruments West Africa
"No23 Recorder" = No23 Recorder
"Office14.SingleImage" = Microsoft Office Professional 2010
"SumatraPDF" = SumatraPDF
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TxcSysUpd_is1" = TeXnicCenter System Update 1.0
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 18.07.2013 18:39:43 | Computer Name = Tobias-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.07.2013 18:39:43 | Computer Name = Tobias-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.07.2013 18:39:57 | Computer Name = Tobias-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 18.07.2013 18:40:34 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SQL Server (COCHLEAR) erreicht.
 
Error - 18.07.2013 18:40:34 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SQL Server (COCHLEAR)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
OTL:
Code:
OTL logfile created on: 19.07.2013 00:57:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobias\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,99% Memory free
7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 106,93 Gb Total Space | 12,25 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
Drive D: | 1,86 Gb Total Space | 1,86 Gb Free Space | 99,90% Space Free | Partition Type: FAT
Drive K: | 97,66 Gb Total Space | 26,29 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-PC | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe (3M Touch Systems, Inc.)
PRC - C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe (3M Touch Systems, Inc.)
PRC - C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TwDrvService) -- C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwService.exe (3M Touch Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (TwRegSvc) -- C:\PROGRAM FILES (X86)\MICROTOUCH\MT 7\TwRegSvc.exe (3M Touch Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (TwTouch) -- C:\Windows\SysNative\drivers\TwTouch.sys (3M)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (TwBus) -- C:\Windows\SysNative\drivers\TwBus.sys (3M)
DRV:64bit: - (MADFULEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBLEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard.sys (M-Audio)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 48 7F 05 7F E6 CA 01  [binary data]
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\..\SearchScopes\{643B9224-F29B-4E9A-A9FA-F3C35CEA6F43}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:4.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 21:13:46 | 000,000,000 | ---D | M]
 
[2011.03.17 22:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions
[2013.07.19 00:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\gh1ag6rt.default\extensions
[2012.05.21 13:30:39 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\gh1ag6rt.default\extensions\DefaultManager@Microsoft
[2013.05.04 10:41:55 | 004,691,600 | ---- | M] () (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\firefox\profiles\gh1ag6rt.default\extensions\zotero@chnm.gmu.edu.xpi
[2013.07.03 21:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.07.03 21:13:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.07.03 21:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.03 21:14:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.06.10 15:14:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3408962903-4176615068-4096822321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75D31A8D-1494-4ADD-B9A7-125971C1C0CB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F71522E6-8032-45FF-802B-63F5B572F34C}: DhcpNameServer = 134.106.40.3 134.106.49.2 134.106.1.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8AC2827-BC87-4158-8B64-47957CA50B96}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00a339dd-cbcc-11df-b869-00269e9d20bb}\Shell - "" = AutoRun
O33 - MountPoints2\{00a339dd-cbcc-11df-b869-00269e9d20bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{00a339e0-cbcc-11df-b869-00269e9d20bb}\Shell - "" = AutoRun
O33 - MountPoints2\{00a339e0-cbcc-11df-b869-00269e9d20bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{00a339f6-cbcc-11df-b869-00269e9d20bb}\Shell - "" = AutoRun
O33 - MountPoints2\{00a339f6-cbcc-11df-b869-00269e9d20bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{29cc745d-9339-11df-ad55-00269e9d20bb}\Shell - "" = AutoRun
O33 - MountPoints2\{29cc745d-9339-11df-ad55-00269e9d20bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{29cc746b-9339-11df-ad55-00269e9d20bb}\Shell - "" = AutoRun
O33 - MountPoints2\{29cc746b-9339-11df-ad55-00269e9d20bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.19 00:43:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL(1).exe
[2013.07.19 00:17:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.19 00:14:12 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Tobias\Desktop\JRT.exe
[2013.07.18 23:52:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\mbar-1.06.0.1004
[2013.07.18 23:52:05 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\mbar
[2013.07.18 22:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.18 22:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.16 21:44:01 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.04 18:43:42 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2013.07.03 21:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 20:03:00 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Programs
[2013.06.25 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.06.25 19:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013.06.25 19:52:23 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\AVS4YOU
[2013.06.25 19:51:12 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.06.25 19:51:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013.06.25 19:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013.06.25 19:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013.06.25 19:36:21 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\SelfMV
[2013.06.23 22:15:56 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\DSH
[2013.06.22 01:53:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.06.22 01:53:25 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Samsung
[2013.06.22 01:53:25 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Samsung
[2013.06.22 01:53:22 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\samsung
[2013.06.22 01:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.06.22 01:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013.06.22 01:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.06.22 01:48:35 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.06.22 01:48:22 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.06.22 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.06.22 01:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.06.22 01:37:19 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Downloaded Installations
[2013.06.22 01:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.06.22 01:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2013.06.22 01:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No23 Recorder
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.19 00:48:17 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 00:48:17 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 00:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL(1).exe
[2013.07.19 00:39:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.19 00:39:35 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 00:25:38 | 000,662,345 | ---- | M] () -- C:\Users\Tobias\Desktop\adwcleaner.exe
[2013.07.19 00:14:22 | 000,559,341 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Tobias\Desktop\JRT.exe
[2013.07.19 00:05:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 23:38:08 | 000,377,856 | ---- | M] () -- C:\Users\Tobias\Desktop\pimnfs1e.exe
[2013.07.18 22:11:28 | 013,399,154 | ---- | M] () -- C:\Users\Tobias\Desktop\mbar-1.06.0.1004.zip
[2013.07.16 21:47:58 | 000,761,260 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.16 21:47:58 | 000,711,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.16 21:47:58 | 000,173,350 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.16 21:47:58 | 000,143,632 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.16 21:47:57 | 001,808,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.30 00:19:20 | 021,561,344 | ---- | M] () -- C:\Users\Tobias\Desktop\BigBeat.wav
[2013.06.27 09:57:38 | 000,000,284 | ---- | M] () -- C:\Windows\matlab.ini
[2013.06.26 19:09:45 | 000,460,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.23 00:34:02 | 000,472,572 | ---- | M] () -- C:\Users\Tobias\Desktop\AB_diagramme-auswerten.pdf
[2013.06.22 01:53:21 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.06.22 01:53:21 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.06.22 01:23:43 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
 
========== Files Created - No Company Name ==========
 
[2013.07.19 00:25:20 | 000,662,345 | ---- | C] () -- C:\Users\Tobias\Desktop\adwcleaner.exe
[2013.07.18 23:38:07 | 000,377,856 | ---- | C] () -- C:\Users\Tobias\Desktop\pimnfs1e.exe
[2013.07.18 22:11:38 | 013,399,154 | ---- | C] () -- C:\Users\Tobias\Desktop\mbar-1.06.0.1004.zip
[2013.06.30 00:19:20 | 021,561,344 | ---- | C] () -- C:\Users\Tobias\Desktop\BigBeat.wav
[2013.06.23 00:34:02 | 000,472,572 | ---- | C] () -- C:\Users\Tobias\Desktop\AB_diagramme-auswerten.pdf
[2013.06.22 01:53:21 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.06.22 01:53:21 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.06.22 01:23:43 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2013.05.22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.05.22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.05.22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.05.22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.05.09 00:17:14 | 000,000,848 | ---- | C] () -- C:\Users\Tobias\.recently-used.xbel
[2013.01.20 22:57:08 | 000,011,163 | ---- | C] () -- C:\Users\Tobias\gsview64.ini
[2012.04.27 19:02:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.03.16 19:37:45 | 000,000,337 | ---- | C] () -- C:\Users\Tobias\AppData\Local\Perfmon.PerfmonCfg
[2011.10.18 21:13:35 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.10.18 21:13:35 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.10.18 19:06:58 | 000,000,034 | ---- | C] () -- C:\Users\Tobias\dlmgr_.pro
[2011.09.07 16:17:23 | 000,000,076 | ---- | C] () -- C:\Users\Tobias\.gtk-bookmarks
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.13 14:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ableton
[2013.03.03 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\CadSoft
[2011.03.04 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Cochlear
[2011.06.13 15:09:36 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\concept design
[2013.07.04 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dropbox
[2010.04.29 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\g200kg
[2013.03.04 18:14:54 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\gtk-2.0
[2013.01.20 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\JOSM
[2012.11.04 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\KeePass
[2011.04.21 14:51:49 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\MED-EL
[2010.05.03 01:30:54 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\OpenOffice.org
[2013.06.22 01:53:25 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Samsung
[2010.04.28 23:10:32 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Subversion
[2013.02.27 17:03:40 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\SumatraPDF
[2010.04.28 17:10:19 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\TuneUp Software
[2012.07.31 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Windows Live Writer
[2010.06.11 02:38:30 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.03.29 12:22:47 | 000,000,000 | ---D | M](C:\Users\Tobias\Desktop\?????? ?????????? 2013) -- C:\Users\Tobias\Desktop\Полина Слепцоваҕа 2013
[2013.03.29 12:22:47 | 000,000,000 | ---D | C](C:\Users\Tobias\Desktop\?????? ?????????? 2013) -- C:\Users\Tobias\Desktop\Полина Слепцоваҕа 2013
[2013.03.29 12:22:36 | 000,101,788 | ---- | C] ()(C:\Users\Tobias\Desktop\?????? ?????????? 2013.rar) -- C:\Users\Tobias\Desktop\Полина Слепцоваҕа 2013.rar
[2013.03.29 12:22:08 | 000,101,788 | ---- | M] ()(C:\Users\Tobias\Desktop\?????? ?????????? 2013.rar) -- C:\Users\Tobias\Desktop\Полина Слепцоваҕа 2013.rar

< End of report >
         

19.07.2013, 01:19   #12
TobiB

Sorry, that was by accident. The reply was rubbish.

Edited by TobiB (19.07.2013 at 01:51). Reason: wrong input

19.07.2013, 02:00   #13
cosinus

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know if that is the case).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

24.07.2013, 09:08   #14
TobiB

Hello, here are the log files:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2b62d05cce879e4ab55b313e335b4db7
# engine=14509
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-24 01:40:39
# local_time=2013-07-24 03:40:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 13888300 25279649 0 0
# scanned=345378
# found=12
# cleaned=0
# scan_time=14709
sh=C8753FAC1EA9D6AB2B8A5EDCBA9AA40D6FD567FD ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-1493.FG trojan" ac=I fn="C:\.Trash-1000\files\jar_cache5592377057806768219.tmp"
sh=F246DB5086B9925D4661E1A45215FC04E57DEC83 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42951b16-2ab2c2fc"
sh=E6698B36FC4034B2B79C9B75D37DF003756406EB ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DU trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6e0d8316-37642781"
sh=E3B00F19499934CCF86193D8E8F66171AF4F9469 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\de6cc17-4361b8d2"
sh=146B84FBD104685E81F1E8DACAAF37BFB4BE0EDC ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DU trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\42c761da-254a8193"
sh=9F3DEDAB76B2DAB717ECA54B1957476B24E478B5 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\135c3f03-4af0e25f"
sh=7F3DFB975888B5B8F2F1700096C22947A2CC7E1C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2010-4452.A trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\58ec35a7-68c24e8b"
sh=DE18A6B776F22850A40D7C1B46CB55DBBC3333CD ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DU trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2e77cfe9-6b9f0dff"
sh=9EA9347CB9ED0B7241E377C4DFAC39A7D9F28CF2 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DP trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2cb13c2a-53db3e8f"
sh=146B84FBD104685E81F1E8DACAAF37BFB4BE0EDC ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DU trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\599b366b-69f2b83a"
sh=36608A6880BFACC0FFD46FFEBE0905438939D7EC ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-1493.AF trojan" ac=I fn="C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5e44ea3a-33aa8b22"
sh=9920B227D262C8C582981B1BEE5C5B74B13E0341 ft=1 fh=208c1d4fb1793664 vn="probably a variant of Win32/IRCBot.NDSECCR trojan" ac=I fn="C:\Users\Tobias\Downloads\MP3_Generator_1.1.exe"
         
MBAM:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Tobias :: TOBIAS-PC [Administrator]

23.07.2013 21:37:55
mbam-log-2013-07-23 (21-37-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 576524
Laufzeit: 1 Stunde(n), 45 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\MP3 Generator\MP3 Generator.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

24.07.2013, 15:40   #15
cosinus

Only remnants; please delete these with TFC:

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.