Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   mystart incredibar - hartnäckig! (https://www.trojaner-board.de/121311-mystart-incredibar-hartnaeckig.html)

robert.84 05.08.2012 14:30
mystart incredibar - hartnäckig!
 
Ich habe mir leider bei softnic diesen Plagegeist eingefangen.

Was ich bisher gemacht habe:
Java neu installiert.
Malwarebytes aktualisiert und scannen lassen: nix gefunden
Nod32 Tiefenprüfung: keine Ergebnisse
Registry manuell durchsucht und alles verdächtige gelöscht
ADWCleaner ausgeführt und fixen lassen.
Firefox Addons deinstalliert und versucht die about:config zu ändern.
Sämtliches Incredibar Software deinstalliert mitsamt angehörigen Programmen

Und trotzdem erscheint bei jedem neuen Tab diese Mystart Suchseite.

hier ein OTL Log

OTL Logfile:
Code:
OTL logfile created on: 05.08.2012 14:49:27 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Bert\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,36 Gb Available Physical Memory | 79,63% Memory free
15,97 Gb Paging File | 14,10 Gb Available in Paging File | 88,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110,53 Gb Total Space | 47,92 Gb Free Space | 43,35% Space Free | Partition Type: NTFS
Drive D: | 820,88 Gb Total Space | 294,60 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
 
Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Razer\Abyssus\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\Razer\Abyssus\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Razer\Abyssus\razertra.exe ()
MOD - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\smart6\dbios\DBIOS.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)
SRV - (ekrn) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Personal 2012.SP4c\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ksaud) -- C:\Windows\SysNative\drivers\ksaud.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vHidDev.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Abyssus) -- C:\Windows\SysNative\drivers\Abyssus.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Personal 2012.SP4c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 1A 26 4A E8 56 CD 01  [binary data]
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Bert\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bert\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bert\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 09:05:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.06 15:39:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.19 02:51:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 09:05:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.06 15:39:48 | 000,000,000 | ---D | M]
 
[2012.06.20 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions
[2012.06.20 17:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.04 15:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Firefox\Profiles\rtq1dtzw.default\extensions
[2012.07.17 16:11:56 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Bert\AppData\Roaming\mozilla\Firefox\Profiles\rtq1dtzw.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.03.30 10:32:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bert\AppData\Roaming\mozilla\Firefox\Profiles\rtq1dtzw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.04 14:57:46 | 000,002,378 | ---- | M] () -- C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\rtq1dtzw.default\searchplugins\search.xml
[2012.05.03 02:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.12.19 12:40:02 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\BERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTQ1DTZW.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012.07.18 09:05:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bert\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bert\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bert\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin:  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Bert\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.01.01 21:20:37 | 000,000,895 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 
O1 - Hosts: 127.0.0.1      activation.nero.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3009609428-3447994014-1517002347-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\Run.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{736E8AE6-7382-4DA1-9970-CB714A9E9126}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 14:46:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bert\Desktop\OTL.exe
[2012.08.05 13:25:30 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Malwarebytes
[2012.08.05 13:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 13:25:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.05 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.05 13:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 12:42:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Bert\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.04 18:50:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.04 14:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012.08.04 14:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealBulldog Toolbar Toolbar
[2012.08.04 14:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite
[2012.08.04 14:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite
[2012.08.04 14:55:49 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Software4u
[2012.08.04 14:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u
[2012.08.03 18:53:19 | 000,000,000 | ---D | C] -- C:\Users\Bert\Desktop\0005
[2012.07.27 12:20:42 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\ESET
[2012.07.20 18:22:49 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012.07.20 18:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.07.20 18:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.07.20 16:45:48 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\B3EA18E4-CFD6-44FD-BCB7-2C2EDD1B202A
[2012.07.20 16:45:47 | 001,263,200 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm273.sys
[2012.07.20 16:45:40 | 000,970,336 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2012.07.20 16:45:38 | 000,277,088 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012.07.20 16:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.07.20 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012.07.20 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.07.20 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Acronis
[2012.07.20 16:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.07.17 16:16:45 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\WindSolutions
[2012.07.17 16:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.07.11 15:10:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 15:10:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 15:10:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 15:10:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 15:10:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 15:10:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 15:10:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 15:10:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 15:10:33 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 15:10:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 15:10:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 15:10:33 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 15:10:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 15:09:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:09:02 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 15:08:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 15:08:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 15:07:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 09:49:29 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.07 00:43:40 | 000,000,000 | ---D | C] -- C:\archive_db
[2012.07.07 00:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.07.07 00:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Festplatten Manager™ 12 Professional
[2012.07.07 00:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2012.07.06 15:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.06 15:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.06 15:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.06 15:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.07.06 15:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 14:47:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bert\Desktop\OTL.exe
[2012.08.05 14:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 14:29:32 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:29:32 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:29:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 14:26:28 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 14:26:28 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 14:26:28 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 14:26:28 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 14:26:28 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.05 14:22:44 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.08.05 14:22:42 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.08.05 14:22:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 14:22:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 14:22:04 | 2134,450,175 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 14:20:16 | 000,632,049 | ---- | M] () -- C:\Users\Bert\Desktop\adwCleaner1703.exe
[2012.08.05 14:00:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3009609428-3447994014-1517002347-1000UA.job
[2012.08.05 13:25:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.05 12:42:10 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Bert\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.04 18:50:31 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.08.04 14:57:34 | 000,000,448 | ---- | M] () -- C:\user.js
[2012.08.04 12:00:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3009609428-3447994014-1517002347-1000Core.job
[2012.08.02 19:40:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.02 19:40:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.31 23:21:55 | 000,002,410 | ---- | M] () -- C:\Users\Bert\Desktop\Google Chrome.lnk
[2012.07.27 20:08:36 | 187,895,792 | ---- | M] () -- C:\Users\Bert\Desktop\Billy Talent - Viking Death March - Official HD Music Video.mp4
[2012.07.20 18:19:13 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.07.20 16:45:47 | 001,263,200 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm273.sys
[2012.07.20 16:45:40 | 000,970,336 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2012.07.20 16:45:38 | 000,277,088 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012.07.11 16:38:36 | 000,370,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.06 15:42:57 | 000,001,448 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.05 14:20:10 | 000,632,049 | ---- | C] () -- C:\Users\Bert\Desktop\adwCleaner1703.exe
[2012.08.05 13:25:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.04 14:57:33 | 000,000,448 | ---- | C] () -- C:\user.js
[2012.08.04 14:57:01 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.07.27 20:05:49 | 187,895,792 | ---- | C] () -- C:\Users\Bert\Desktop\Billy Talent - Viking Death March - Official HD Music Video.mp4
[2012.07.20 18:19:13 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.07.20 18:18:40 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 18:18:39 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 14:39:05 | 037,089,404 | ---- | C] () -- C:\Users\Bert\Desktop\PC Magazin 06-2012 Deutsch.pdf
[2012.07.06 15:42:57 | 000,001,448 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.02 00:11:52 | 011,632,640 | ---- | C] () -- C:\Users\Bert\AppData\Roaming\Sandra.mdb
[2012.05.18 10:54:40 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.31 15:43:32 | 000,007,598 | ---- | C] () -- C:\Users\Bert\AppData\Local\Resmon.ResmonCfg
[2011.12.31 11:33:10 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.31 11:33:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2150N.DAT
[2011.12.31 11:33:04 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.12.31 11:33:04 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.12.31 11:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.12.31 11:33:03 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2150N.INI
[2011.12.31 11:32:09 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.12.19 17:40:52 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.12.19 17:40:52 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.12.17 21:38:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.12.17 21:31:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.12.17 20:48:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.02.24 13:40:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2009.02.24 13:40:02 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2009.02.24 13:40:02 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2009.02.24 13:40:02 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2009.02.24 13:40:02 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2009.02.24 13:40:02 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2009.02.24 13:40:02 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2009.02.24 13:40:02 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2009.02.24 13:40:02 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2009.02.24 13:40:02 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 05.08.2012 14:49:27 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Bert\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,36 Gb Available Physical Memory | 79,63% Memory free
15,97 Gb Paging File | 14,10 Gb Available in Paging File | 88,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110,53 Gb Total Space | 47,92 Gb Free Space | 43,35% Space Free | Partition Type: NTFS
Drive D: | 820,88 Gb Total Space | 294,60 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
 
Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3009609428-3447994014-1517002347-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{912B20B6-2627-48DC-891F-44BF725B9CA8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra personal 2012.sp4c\rpcagentsrv.exe |
"{CEDB0162-4D1F-4570-BBE2-330079B1F857}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra personal 2012.sp4c\wnt500x64\rpcsandrasrv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026AAFE4-B82E-4CAF-9B41-719DCDD4EFA2}" = dir=out | app=d:\anno 2070\autopatcher.exe |
"{0CE0E04C-7A82-437F-9DE0-7B475E8EE7ED}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{1DFE7E4D-6CC4-4E20-A102-AA686E46951D}" = dir=out | app=d:\anno 2070\initengine.exe |
"{20D18555-C275-440D-A945-688BAD496180}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2DDCB28D-6E92-45C9-B68A-1F21B3F8050C}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{2FB324BB-9F45-452F-91B8-5E112F746D03}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{30B8A868-CA44-4B02-9842-FC5C3086954E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{31CD8301-2760-401D-8E84-6D0B0D2665C4}" = dir=in | app=d:\itunes\itunes.exe |
"{36B7CFDC-261A-4093-808B-DD8F75FCDB95}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{4036CCE0-F0BE-49A6-8395-A6D6126F7CAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{409439AF-3B4B-434A-917B-C1E0703C56DD}" = dir=out | app=d:\anno 2070\awesomiumprocess.exe |
"{47A95F12-3794-4B1B-892F-066257016F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{6E1D3536-D720-4FD4-9A72-935D87F5FE06}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{70026A20-25F4-40C8-83B5-3600F787D8AB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{7C47E392-4755-4C37-83EB-63D881E31185}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7D1F6A1F-CC86-4A85-AF8E-92312347169A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EBCC72A-A52C-476D-9EE2-5437E56EDD2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{8552F978-2866-4A38-9388-0CF278C8CC1B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{855B8B04-9F0E-409C-9683-02600E350D86}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{883C6CDD-2FA6-491C-9698-96D2EE5059C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{89A7EE5C-74CB-4061-AE30-BAF28CB7C097}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{939031D7-B539-45C3-A5B6-124A12C962ED}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{93C9D9D1-188F-45FF-AA43-4471D4FB3BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{974B80D1-4440-4362-A630-22DA7D574202}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B5CBCBC7-B6F6-48B3-A06B-A15DA3547204}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{BEF4586D-B08B-4F53-AD0A-8098E02B8493}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D12855FC-26BF-4928-82A9-8FAAAD0F6937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D35533E9-F309-401A-9125-187D0E518B66}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E71886D6-6D01-4C25-BDF4-96B1B111EF57}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{EA8EF785-B4A6-4946-852B-8A0037F3DE34}" = dir=out | app=d:\anno 2070\anno5.exe |
"{F4EF3F38-83D5-4441-B900-5D4CBDF22B26}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{F6863E23-85C6-4FB7-9D70-8AA949A16400}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"TCP Query User{100A92B6-CF44-442A-8DE1-7B4428DD6959}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{248AB3D4-D86B-49AD-A320-9510F29A73CA}D:\daten-backup\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\daten-backup\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"TCP Query User{28347B59-0357-42E3-A63C-B4164FBAFBD1}C:\users\bert\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\bert\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{2DC470AD-D871-436B-BD33-F50DD8CCC08A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{71AF6E1C-97AF-4172-911A-1FA44E65DCF0}C:\program files (x86)\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\napster\napster.exe |
"TCP Query User{726D7C6B-EBF7-4D25-AD88-3C7461604F75}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{73AD4232-08EA-4EB2-B3D8-A13DDBFDFB64}C:\users\bert\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\bert\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{91199CA0-E641-45FE-B143-0E689CDDB726}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{AE2D0CFE-97F7-4858-938E-9A16103F2513}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |
"TCP Query User{EB67ED74-7FEF-4517-B2C6-A28A7F120EFC}D:\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{FAE51E26-42A0-4775-A229-4D4D28E14FA2}D:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"UDP Query User{2C072700-9BF8-4DC0-9BBF-82609A247EAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{34580387-31D6-4F3F-87E8-75524919AC8B}C:\users\bert\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\bert\desktop\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{51AE45D9-F579-4562-9317-33E5B6CAF5D4}D:\daten-backup\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\daten-backup\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"UDP Query User{523BD784-5114-480F-B745-A526A8207CF3}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |
"UDP Query User{723F5FEC-D609-489F-8498-E3C9EFEC1119}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{8A498723-F443-4F39-A65F-55A7D866D5D3}D:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\jdownloader_portableapps\commonfiles\java\bin\javaw.exe |
"UDP Query User{A016D2D8-683C-4606-8264-8B38C99BB5F9}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{BB867DD3-929D-4AF2-BEFA-C0AFCAD1F030}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{DC09B6C0-2522-42B6-AD9E-03B083080D20}C:\users\bert\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\bert\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{EB06F0AF-6D3D-4565-ACC6-ACCF5A596E06}C:\program files (x86)\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\napster\napster.exe |
"UDP Query User{EDF216D0-A2F9-486F-8936-411F515CF08D}D:\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\diablo-iii-8370-dede-installer-downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.1.4235 x64
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6D3AAA06-F2E1-4AB5-AB64-38B7E64DDAEF}" = Nitro Pro 7
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Personal 2012.SP4c
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1E104AF0-EA49-11DE-AC07-005056C00008}" = Paragon Festplatten Manager™ 12 Professional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7FAA26D8-3727-41CD-A9DE-9480E4EA9130}" = Audials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F7725B5-8645-4869-B687-8C1FF38B5B62}" = Brother HL-2150N
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 10.5.8
"Audacity_is1" = Audacity 2.0
"AudioCS" = Creative Audio-Systemsteuerung
"BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealBulldog Toolbar Toolbar" = DealBulldog Toolbar Toolbar
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Foxit Reader_is1" = Foxit Reader 5.1
"HaaliMkx" = Haali Media Splitter
"Linkage_is1" = Linkage 2.5 Personal Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Opera 11.61.1250" = Opera 11.61
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"TomTom HOME" = TomTom HOME 2.8.4.2596
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3009609428-3447994014-1517002347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ed221299c930defb" = n5Devil
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 10:59:42 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6116
 
Error - 04.08.2012 10:59:42 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6116
 
Error - 04.08.2012 10:59:43 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.08.2012 10:59:43 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7114
 
Error - 04.08.2012 10:59:43 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7114
 
Error - 04.08.2012 10:59:44 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.08.2012 10:59:44 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8112
 
Error - 04.08.2012 10:59:44 | Computer Name = Bert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8112
 
Error - 05.08.2012 06:38:27 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.08.2012 08:23:57 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 03.06.2012 12:03:38 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 03.06.2012 12:03:41 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.06.2012 12:03:42 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.06.2012 12:03:42 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.06.2012 12:05:21 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.06.2012 12:05:21 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.06.2012 12:05:22 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.06.2012 12:05:22 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.06.2012 12:05:23 | Computer Name = Bert-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12.06.2012 14:28:33 | Computer Name = Bert-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?06.?2012 um 11:27:03 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---


die neueste adwcleaner version gibt folgendes aus, behebt das problem aber leider nicht ?!

Zitat:
# AdwCleaner v1.800 - Logfile created 08/05/2012 at 21:04:26
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Bert - BERT-PC
# Running from : C:\Users\Bert\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\rtq1dtzw.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQFxaO7MU&loc=FF_NT");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.61.1250.0

File : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20969 octets] - [05/08/2012 14:20:26]
AdwCleaner[S1].txt - [20239 octets] - [05/08/2012 14:20:42]
AdwCleaner[R2].txt - [1809 octets] - [05/08/2012 20:59:27]
AdwCleaner[S2].txt - [1782 octets] - [05/08/2012 20:59:43]
AdwCleaner[R3].txt - [1545 octets] - [05/08/2012 21:02:40]
AdwCleaner[S3].txt - [1377 octets] - [05/08/2012 21:04:26]

########## EOF - C:\AdwCleaner[S3].txt - [1505 octets] ##########

cosinus 06.08.2012 09:56
Code:
O1 - Hosts: 
O1 - Hosts: 127.0.0.1      activation.nero.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com
Wir unterstützen in keinster Weise die Nutzung von gecrackter Software!
Die o.g. Einträge dienen hauptsächlich dazu, die Nutzung gecrackter Software von Nero und Adobe zu ermöglichen! :pfui:

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:22 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19