|
Plagegeister aller Art und deren Bekämpfung: Ebenfalls System Fix eingefangen, Windoof 7 64Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.11.2011, 22:04 | #1 |
| Ebenfalls System Fix eingefangen, Windoof 7 64 Wie bekomm ich das Teil wieder runter? Zusätzlich seh ich in den Programmen nix mehr, kann aber danach suchen und sie sind noch da. Ebenfalls bekomm ich den Task Manager nicht zum laufen Ist das alles von dem Mistding? Hier das OTL Log: OTL logfile created on: 11/23/2011 9:46:13 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Speedsta\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 55.76% Memory free 8.00 Gb Paging File | 6.16 Gb Available in Paging File | 77.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 377.15 Gb Free Space | 83.60% Space Free | Partition Type: NTFS Drive D: | 422.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.49% Space Free | Partition Type: FAT32 Computer Name: SPEEDSTA-ASUS | User Name: Speedsta | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/23 21:39:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Speedsta\Downloads\OTL.exe PRC - [2011/11/23 20:30:04 | 000,379,904 | -H-- | M] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe PRC - [2011/11/23 20:19:14 | 000,492,544 | -H-- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011/11/03 12:06:56 | 001,891,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010/12/13 08:39:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009/12/01 00:07:30 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/08/12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/07/24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/07/07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/08/14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ========== Modules (No Company Name) ========== MOD - [2011/11/03 12:06:56 | 000,774,040 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll MOD - [2011/10/15 13:06:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll MOD - [2011/10/15 13:06:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll MOD - [2011/10/15 13:06:02 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll MOD - [2011/10/15 13:05:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011/10/15 13:05:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/15 13:05:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2009/07/24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/12/30 14:33:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/11/06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent) SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011/06/29 12:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/06/29 12:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/06/22 06:09:04 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64) DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010/04/28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/12/01 00:07:35 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/09/04 05:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/07/09 04:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/07/01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/07/01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/07/01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/06/26 21:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009/05/20 09:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/05/13 02:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/04/07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2011/11/23 20:59:43 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 19:17:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M] [2010/08/29 18:45:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions [2010/08/29 18:45:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/11/11 09:37:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions [2011/11/11 09:37:32 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009/12/07 12:43:53 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011/11/23 20:45:45 | 000,002,342 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icq-search.xml [2011/11/22 14:42:39 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-1.xml [2011/10/12 21:32:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml [2011/10/15 16:57:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml [2011/10/18 07:33:07 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml [2011/11/11 09:37:45 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml [2011/11/11 13:53:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml [2010/12/17 08:51:47 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml [2010/12/23 22:32:14 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml [2011/04/16 13:38:46 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml [2011/05/12 06:51:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml [2011/05/13 20:33:23 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml [2011/05/14 18:12:28 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml [2011/07/13 19:36:33 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml [2011/08/14 18:04:12 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml [2011/10/31 15:43:36 | 000,000,168 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.gif [2011/10/31 15:43:36 | 000,000,618 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.src [2010/09/16 07:21:37 | 000,001,056 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.xml [2011/03/21 08:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/03/21 08:08:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/11/23 20:31:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/10/18 07:32:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/18 07:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/18 07:32:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/18 07:32:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/18 07:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/18 07:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKCU..\Run: [GwDAKVOVed.exe] C:\ProgramData\GwDAKVOVed.exe (R Soft) O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - Startup: C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173E7B6C-625A-49D5-8F35-58388324EEB0}: DhcpNameServer = 192.168.1.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCBE7E9-7642-4FA0-AC44-B5F9DBA549FA}: DhcpNameServer = 10.0.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/07 13:20:50 | 000,000,032 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Gigaset_CD.exe -- [2011/01/27 13:11:27 | 009,039,872 | R--- | M] (Gigaset Communications GmbH) O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell - "" = AutoRun O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell\AutoRun\command - "" = J:\MI.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EBBBE957-67D1-79E9-3EE9-87D055E8DE2A} - Browser Customizations ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.23 20:56:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.11.23 20:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.11.23 20:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011.11.23 20:30:04 | 000,379,904 | -H-- | C] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe [2011.11.23 20:22:47 | 000,492,544 | -H-- | C] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe [2011.11.11 14:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.11.11 09:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2011.11.23 21:38:33 | 000,000,000 | ---- | M] () -- C:\Users\Speedsta\defogger_reenable [2011.11.23 21:37:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.23 21:37:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.23 21:30:21 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.23 21:30:21 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.23 21:30:21 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.23 21:30:21 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.23 21:30:21 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.23 21:15:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.23 21:15:34 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys [2011.11.23 20:56:31 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.11.23 20:35:49 | 000,000,432 | -H-- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011.11.23 20:35:44 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011.11.23 20:35:43 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011.11.23 20:30:48 | 000,000,651 | -H-- | M] () -- C:\Users\Speedsta\Desktop\System Fix.lnk [2011.11.23 20:30:04 | 000,379,904 | -H-- | M] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe [2011.11.23 20:19:22 | 000,056,661 | -H-- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe [2011.11.23 20:19:14 | 000,492,544 | -H-- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe [2011.11.21 22:38:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011.11.21 22:38:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011.11.19 09:50:13 | 000,715,220 | -H-- | M] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf [2011.11.16 13:34:28 | 000,000,126 | -H-- | M] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods# [2011.11.11 13:45:53 | 000,009,065 | -H-- | M] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods [2011.11.11 13:32:09 | 000,771,830 | -H-- | M] () -- C:\Users\Speedsta\Desktop\Korrigierte Emails.ods [2011.11.11 09:51:50 | 000,007,615 | -H-- | M] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg [2011.11.11 09:33:51 | 002,213,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys ========== Files Created - No Company Name ========== [2011/05/12 21:37:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/05/12 21:37:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.11.23 21:38:33 | 000,000,000 | ---- | C] () -- C:\Users\Speedsta\defogger_reenable [2011.11.23 20:56:31 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.11.23 20:30:48 | 000,000,651 | -H-- | C] () -- C:\Users\Speedsta\Desktop\System Fix.lnk [2011.11.23 20:30:48 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011.11.23 20:30:48 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011.11.23 20:30:43 | 000,000,432 | -H-- | C] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011.11.23 20:19:18 | 000,056,661 | -H-- | C] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe [2011.11.19 09:50:13 | 000,715,220 | -H-- | C] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf [2011.11.16 13:34:28 | 000,000,126 | -H-- | C] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods# [2011.11.11 13:45:52 | 000,009,065 | -H-- | C] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods [2011.11.11 09:51:50 | 000,007,615 | -H-- | C] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg [2010/12/23 22:14:43 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Rydll32.dll [2010/12/23 22:12:29 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.23 22:15:47 | 000,000,027 | ---- | C] () -- C:\Windows\BarCode.ini [2010.04.11 12:32:47 | 000,267,890 | ---- | C] () -- C:\Windows\hpwins22.dat.temp [2010.04.11 12:31:11 | 000,083,526 | ---- | C] () -- C:\Windows\hpqins13.dat [2010.03.04 17:40:38 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp [2010.03.02 17:36:11 | 000,267,291 | ---- | C] () -- C:\Windows\hpwins22.dat [2010.03.02 17:36:11 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat [2009/12/30 14:35:45 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL [2009/12/30 14:35:45 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll [2009/12/30 14:35:45 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll [2009/12/21 15:56:01 | 000,009,391 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini [2009/12/21 15:45:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL [2009/12/01 00:07:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.12.30 14:35:58 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe [2009.12.30 14:35:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2009.12.30 14:35:45 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009.12.30 14:35:45 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll [2009.12.21 15:48:28 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini [2009.12.14 09:58:26 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2009.12.08 10:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.12.06 19:34:21 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.12.06 19:26:39 | 000,067,584 | ---- | C] () -- C:\Windows\unlite2.exe [2009.12.01 00:31:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.12.01 00:07:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009.07.29 06:21:06 | 000,024,576 | -H-- | C] () -- C:\ProgramData\SetWallpaper.exe [2009.07.29 06:21:06 | 000,000,223 | -H-- | C] () -- C:\ProgramData\setwallpaper.cmd [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/12/02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2006/02/18 09:16:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SlpApi42.dll ========== LOP Check ========== [2011.06.01 07:21:47 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\.Kanton ZH [2011.07.28 09:02:27 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Firelab [2011.08.15 10:30:22 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Gomez [2009.12.08 10:02:54 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\gtk-2.0 [2011.11.23 21:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\ICQ [2010.09.07 13:50:00 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de) [2009.12.07 11:48:29 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Leadertech [2009.12.06 19:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\OpenOffice.org [2009.12.18 14:34:51 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Scan2PDF [2009.12.07 15:44:39 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Smart Label Printer [2010.08.29 18:45:49 | 000,000,000 | -H-D | M] -- C:\Users\Speedsta\AppData\Roaming\Thunderbird [2010.02.27 10:04:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.01 11:53:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.08 09:05:52 | 000,000,000 | -H-D | M] -- C:\android-sdk [2009.12.01 16:20:11 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2009.12.01 00:09:03 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2011.07.26 15:15:12 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.23 21:15:32 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.01 00:09:15 | 000,000,000 | -H-D | M] -- C:\eSupport [2011.09.15 08:17:53 | 000,000,000 | -H-D | M] -- C:\Netgear [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.06.21 13:36:38 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.23 21:22:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.23 21:15:33 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.12.06 17:34:11 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.23 21:47:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.12.06 17:35:38 | 000,000,000 | R--D | M] -- C:\Users [2011.11.11 14:12:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
24.11.2011, 07:48 | #2 | |||||
/// Helfer-Team | Ebenfalls System Fix eingefangen, Windoof 7 64 Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Code:
ATTFilter :OTL IE - HKCU\..\URLSearchHook: - No CLSID value found [2011/10/12 21:32:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml [2011/10/15 16:57:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml [2011/10/18 07:33:07 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml [2011/11/11 09:37:45 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml [2011/11/11 13:53:34 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml [2010/12/17 08:51:47 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml [2010/12/23 22:32:14 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml [2011/04/16 13:38:46 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml [2011/05/12 06:51:41 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml [2011/05/13 20:33:23 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml [2011/05/14 18:12:28 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml [2011/07/13 19:36:33 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml [2011/08/14 18:04:12 | 000,000,950 | -H-- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKCU..\Run: [GwDAKVOVed.exe] C:\ProgramData\GwDAKVOVed.exe (R Soft) O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/01/07 13:20:50 | 000,000,032 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0396bc9b-de03-11de-9471-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Gigaset_CD.exe -- [2011/01/27 13:11:27 | 009,039,872 | R--- | M] (Gigaset Communications GmbH) O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell - "" = AutoRun O33 - MountPoints2\{993647da-a3fb-11e0-9bd9-002243d37f6f}\Shell\AutoRun\command - "" = J:\MI.exe [2011.11.23 20:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011.11.23 20:30:04 | 000,379,904 | -H-- | C] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe [2011.11.23 20:22:47 | 000,492,544 | -H-- | C] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe [2011.11.23 20:35:49 | 000,000,432 | -H-- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011.11.23 20:35:44 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011.11.23 20:35:43 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011.11.23 20:30:48 | 000,000,651 | -H-- | M] () -- C:\Users\Speedsta\Desktop\System Fix.lnk [2011.11.23 20:30:04 | 000,379,904 | -H-- | M] (R Soft) -- C:\ProgramData\XJMrCJFIlZfXWo.exe [2011.11.23 20:19:22 | 000,056,661 | -H-- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe [2011.11.23 20:19:14 | 000,492,544 | -H-- | M] (R Soft) -- C:\ProgramData\GwDAKVOVed.exe [2011.11.23 20:30:48 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011.11.23 20:30:48 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011.11.23 20:30:43 | 000,000,432 | -H-- | C] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011.11.23 20:19:18 | 000,056,661 | -H-- | C] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe :Commands [purity] [REBOOT]
Versuche jetzt folgendes - ich habe zwei Vorschläge: : 2. Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!: - Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen. Zitat:
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis) ► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können? 3. Zitat:
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
5. erneut einen Systemscan mit OTL
6. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool CCleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ Geändert von kira (24.11.2011 um 08:01 Uhr) |
24.11.2011, 08:55 | #3 |
| Ebenfalls System Fix eingefangen, Windoof 7 64 Hey Kira
__________________Vielen Dank für den sehr ausführlichen Beschrieb. Hab gestern noch viel rumgedoktert und ihn schlussendlich mit ComboFix erledigt. Geh jetzt noch die Registry druch um zu schauen ob wirklich alles weg ist. Problem war dass ich ja nichts mehr ausführen konnte als Admin. Sah auch sämtliche wichtigen Dateien nicht mehr. |
25.11.2011, 08:49 | #4 |
/// Helfer-Team | Ebenfalls System Fix eingefangen, Windoof 7 64 und...jetzt alles in Ordnung? alles sichtbar..kannst alle Befehle ausführen usw?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
25.11.2011, 09:19 | #5 |
| Ebenfalls System Fix eingefangen, Windoof 7 64 Ja jetzt läufts wieder Nur wenn ich aufs Windows Symbol klicke um die Programme aufzurufen isses da noch leer, über die Suche oder alle Programme is aber alles da. Darum kümmer ich mich dann wenn ich Zeit hab |
25.11.2011, 10:15 | #6 | ||
/// Helfer-Team | Ebenfalls System Fix eingefangen, Windoof 7 64 1. Zitat:
Zitat:
► auch wenn die Symptome verschwunden sind, um festzustellen ob unbekannte bzw `nicht entdeckte` Dateien noch vorhanden sind, ich empfehle Dir diese Anleitung genau abzuarbeiten
__________________ --> Ebenfalls System Fix eingefangen, Windoof 7 64 |
25.11.2011, 13:30 | #7 |
| Ebenfalls System Fix eingefangen, Windoof 7 64 Scritt 4: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8236 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 25.11.2011 11:51:04 mbam-log-2011-11-25 (11-51-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 378874 Laufzeit: 59 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/25/2011 1:14:07 PM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Speedsta\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 54.96% Memory free 8.00 Gb Paging File | 5.63 Gb Available in Paging File | 70.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 383.48 Gb Free Space | 85.01% Space Free | Partition Type: NTFS Drive E: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.49% Space Free | Partition Type: FAT32 Computer Name: SPEEDSTA-ASUS | User Name: Speedsta | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/23 21:39:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Speedsta\Desktop\OTL.exe PRC - [2011/11/23 20:31:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/01/05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe PRC - [2010/12/13 08:39:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009/12/01 00:07:30 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/08/19 10:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/19 10:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009/08/12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/07/07 20:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/08/14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007/11/07 10:56:40 | 001,660,256 | ---- | M] (Seiko Instruments USA Inc.) -- C:\Program Files (x86)\Seiko Instruments USA Inc\Smart Label Printer 6.6\slpwin.exe PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2003/08/25 18:24:42 | 002,254,848 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\Macromedia\HomeSite+\Homesite+.exe ========== Modules (No Company Name) ========== MOD - [2011/11/23 20:31:10 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/11/11 14:12:42 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011/10/15 13:06:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll MOD - [2011/10/15 13:06:23 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll MOD - [2011/10/15 13:06:02 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll MOD - [2011/10/15 13:05:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011/10/15 13:05:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/15 13:05:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/01/05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files (x86)\ICQ7.2\MDb.dll MOD - [2009/10/03 01:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU MOD - [2009/10/03 01:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU MOD - [2009/08/19 10:28:46 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll MOD - [2009/08/18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2009/04/16 13:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\libxslt.dll MOD - [2009/02/27 16:41:54 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.DEU MOD - [2009/02/27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU MOD - [2007/06/15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007/06/02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll MOD - [2001/07/20 14:23:28 | 000,114,688 | ---- | M] () -- C:\Windows\SysWOW64\lang_cfml.dll MOD - [2001/07/20 14:23:28 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\xml_datagrove.dll MOD - [2000/06/14 16:45:00 | 000,147,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MACROM~1\bin\wddx_com.dll MOD - [2000/06/14 16:22:24 | 000,036,864 | ---- | M] () -- C:\Windows\SysWOW64\xmlparse.dll MOD - [2000/06/14 16:22:20 | 000,069,632 | ---- | M] () -- C:\Windows\SysWOW64\xmltok.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/29 12:16:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/27 13:31:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/03/28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/12/30 14:33:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/11/06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009/07/24 02:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent) SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/06/29 12:16:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/06/29 12:16:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/06/22 06:09:04 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64) DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010/04/28 07:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/12/01 00:07:35 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/09/04 05:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/07/09 04:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/07/01 05:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/07/01 05:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/07/01 05:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/06/26 21:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/26 14:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009/05/20 09:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/05/13 02:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/04/07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 19:17:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:39:47 | 000,000,000 | ---D | M] [2010/08/29 18:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions [2010/08/29 18:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/11/11 09:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions [2011/11/11 09:37:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009/12/07 12:43:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Speedsta\AppData\Roaming\mozilla\Firefox\Profiles\laevukul.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011/11/23 20:45:45 | 000,002,342 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icq-search.xml [2011/11/22 14:42:39 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-1.xml [2011/10/12 21:32:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml [2011/10/15 16:57:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml [2011/10/18 07:33:07 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml [2011/11/11 09:37:45 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml [2011/11/11 13:53:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml [2011/11/24 08:50:05 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-15.xml [2010/12/17 08:51:47 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml [2010/12/23 22:32:14 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml [2011/04/16 13:38:46 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml [2011/05/12 06:51:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml [2011/05/13 20:33:23 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml [2011/05/14 18:12:28 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml [2011/07/13 19:36:33 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml [2011/08/14 18:04:12 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml [2010/09/16 07:21:37 | 000,001,056 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.xml [2011/03/21 08:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/03/21 08:08:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/11/23 20:31:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/10/18 07:32:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/18 07:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/18 07:32:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/18 07:32:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/18 07:32:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/18 07:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/11/23 23:54:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Speedsta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173E7B6C-625A-49D5-8F35-58388324EEB0}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCCBE7E9-7642-4FA0-AC44-B5F9DBA549FA}: DhcpNameServer = 10.0.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/11/25 10:43:08 | 000,000,000 | ---D | C] -- C:\Users\Speedsta\AppData\Roaming\Malwarebytes [2011/11/25 10:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/11/25 10:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/11/25 10:42:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/11/25 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/11/24 07:42:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/11/23 23:47:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/11/23 23:47:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/11/23 23:47:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/11/23 23:47:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/11/23 23:45:31 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/23 21:39:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Speedsta\Desktop\OTL.exe [2011/11/23 20:56:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011/11/23 20:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011/11/11 14:12:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011/11/11 09:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2011/11/25 11:31:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/11/25 10:42:49 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/24 07:48:55 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/24 07:48:55 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/24 07:45:30 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/11/24 07:45:30 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/11/24 07:45:30 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/11/24 07:45:30 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/11/24 07:45:30 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/11/24 07:41:01 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys [2011/11/23 23:54:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/11/23 21:39:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Speedsta\Desktop\OTL.exe [2011/11/23 21:38:33 | 000,000,000 | ---- | M] () -- C:\Users\Speedsta\defogger_reenable [2011/11/23 20:59:42 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011/11/23 20:56:31 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/11/23 20:35:49 | 000,000,432 | ---- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011/11/23 20:35:44 | 000,000,312 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011/11/23 20:35:43 | 000,000,232 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011/11/23 20:19:22 | 000,056,661 | ---- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe [2011/11/21 22:38:40 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011/11/21 22:38:40 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011/11/19 09:50:13 | 000,715,220 | ---- | M] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf [2011/11/16 13:34:28 | 000,000,126 | ---- | M] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods# [2011/11/11 14:12:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/11/11 13:45:53 | 000,009,065 | ---- | M] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods [2011/11/11 13:32:09 | 000,771,830 | ---- | M] () -- C:\Users\Speedsta\Desktop\Korrigierte Emails.ods [2011/11/11 09:51:50 | 000,007,615 | ---- | M] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg [2011/11/11 09:33:51 | 002,213,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys ========== Files Created - No Company Name ========== [2011/11/25 10:42:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/23 23:47:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/11/23 23:47:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/11/23 23:47:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/11/23 23:47:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/11/23 23:47:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/11/23 23:46:04 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2011/11/23 21:38:33 | 000,000,000 | ---- | C] () -- C:\Users\Speedsta\defogger_reenable [2011/11/23 20:56:31 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/11/23 20:30:48 | 000,000,312 | ---- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011/11/23 20:30:48 | 000,000,232 | ---- | C] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011/11/23 20:30:43 | 000,000,432 | ---- | C] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011/11/23 20:19:18 | 000,056,661 | ---- | C] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe [2011/11/19 09:50:13 | 000,715,220 | ---- | C] () -- C:\Users\Speedsta\Desktop\Swissvax-CarCare-KundenFlyer.pdf [2011/11/16 13:34:28 | 000,000,126 | ---- | C] () -- C:\Users\Speedsta\Desktop\.~lock.Korrigierte Emails.ods# [2011/11/11 13:45:52 | 000,009,065 | ---- | C] () -- C:\Users\Speedsta\Desktop\Gemeinden angeschrieben.ods [2011/11/11 09:51:50 | 000,007,615 | ---- | C] () -- C:\Users\Speedsta\AppData\Local\Resmon.ResmonCfg [2011/05/12 21:37:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/05/12 21:37:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2010/12/23 22:15:47 | 000,000,027 | ---- | C] () -- C:\Windows\BarCode.ini [2010/12/23 22:14:43 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Rydll32.dll [2010/12/23 22:12:29 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/04/11 12:32:47 | 000,267,890 | ---- | C] () -- C:\Windows\hpwins22.dat.temp [2010/04/11 12:31:11 | 000,083,526 | ---- | C] () -- C:\Windows\hpqins13.dat [2010/03/04 17:40:38 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp [2010/03/02 17:36:11 | 000,267,291 | ---- | C] () -- C:\Windows\hpwins22.dat [2010/03/02 17:36:11 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat [2009/12/30 14:35:58 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe [2009/12/30 14:35:45 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL [2009/12/30 14:35:45 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll [2009/12/30 14:35:45 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2009/12/30 14:35:45 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll [2009/12/30 14:35:45 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2009/12/30 14:35:45 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll [2009/12/21 15:56:01 | 000,009,391 | ---- | C] () -- C:\Windows\SysWow64\dymourl.ini [2009/12/21 15:48:28 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini [2009/12/21 15:45:14 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\DYMOCFG.DLL [2009/12/14 09:58:26 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2009/12/08 10:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/12/06 19:34:21 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/12/06 19:26:39 | 000,067,584 | ---- | C] () -- C:\Windows\unlite2.exe [2009/12/01 00:31:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009/12/01 00:07:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2009/12/01 00:07:33 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009/07/29 06:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd [2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/12/02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg [2006/02/18 09:16:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SlpApi42.dll ========== LOP Check ========== [2011/06/01 07:21:47 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\.Kanton ZH [2011/07/28 09:02:27 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Firelab [2011/08/15 10:30:22 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Gomez [2009/12/08 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\gtk-2.0 [2011/11/23 21:17:47 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\ICQ [2010/09/07 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de) [2009/12/07 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Leadertech [2009/12/06 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\OpenOffice.org [2009/12/18 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Scan2PDF [2009/12/07 15:44:39 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Smart Label Printer [2010/08/29 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\Speedsta\AppData\Roaming\Thunderbird [2010/02/27 10:04:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11/25/2011 1:14:07 PM - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Speedsta\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 54.96% Memory free 8.00 Gb Paging File | 5.63 Gb Available in Paging File | 70.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.11 Gb Total Space | 383.48 Gb Free Space | 85.01% Space Free | Partition Type: NTFS Drive E: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.49% Space Free | Partition Type: FAT32 Computer Name: SPEEDSTA-ASUS | User Name: Speedsta | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel "{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 4.0.1 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{345AE244-BCF5-439E-B301-15E339BEC536}" = Smart Label Printer 6.6 "{3699BC50-DA7B-4DA7-BB43-2981C9178FAD}" = UFO Aftermath "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{47AF4245-CD81-4353-BFC0-0A21A6EF483A}" = UFO Afterlight "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{639555DF-952A-4161-97F6-AB9807E421D7}" = UFO Aftershock "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+ "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{936B421E-70D6-43B1-AC08-A079EE4DAE68}" = PSP ISO Compressor "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A16656CE-4B17-4484-A13F-22B9500E5223}" = Fast Boot "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help "{B8934332-6BD6-4736-9898-DBFE80AC0468}" = Falk Navi-Manager "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4A0BDDA-04B9-44BD-A28E-7E2F7C9E1092}" = GameShadow "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D37B24D2-D4F8-40ED-A8D4-0D03F56D6838}" = Falk Navi-Manager "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DFE506AB-DDEA-4C94-BDE0-C26F4B21C71A}" = Falk Navi-Manager "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Android SDK Tools" = Android SDK Tools "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Banana Buchhaltung 4.0" = Banana Buchhaltung 4.0 "Best of Amiga Classix" = Best of Amiga Classix 1.0 "DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox "DYMO Label Software" = DYMO Label Software "ICQToolbar" = ICQ Toolbar "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "Naviextras Toolbox" = Naviextras Toolbox "OpenAL" = OpenAL "Pocket UFO_is1" = Pocket UFO V1.26 "Private Tax 2009" = Private Tax 2009 "Private Tax 2010" = Private Tax 2010 "Scan2PDF_is1" = Scan2PDF 1.6 "TopStyle Lite (Version 2)" = TopStyle Lite (Version 2) "TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0) "VLC media player" = VLC media player 1.0.3 "WBFS Manager 3.0" = WBFS Manager 3.0 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/15/2011 7:30:59 PM | Computer Name = Speedsta-Asus | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 10/18/2011 2:31:24 AM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NinjaLi.exe, Version: 4.9.7.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: mpcore.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e95b76e Ausnahmecode: 0xc0000005 Fehleroffset: 0x090142f0 ID des fehlerhaften Prozesses: 0xd24 Startzeit der fehlerhaften Anwendung: 0x01cc8ca7e9af989c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe Pfad des fehlerhaften Moduls: mpcore.dll Berichtskennung: cc3f51eb-f952-11e0-bbb6-002243d37f6f Error - 10/18/2011 10:09:18 AM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NinjaLi.exe, Version: 4.9.7.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: mpcore.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e95b76e Ausnahmecode: 0xc0000005 Fehleroffset: 0x08c942f0 ID des fehlerhaften Prozesses: 0xb74 Startzeit der fehlerhaften Anwendung: 0x01cc8d7463bd99b1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NinjaLite\NinjaLite\NinjaLi.exe Pfad des fehlerhaften Moduls: mpcore.dll Berichtskennung: c462ea98-f992-11e0-bbb6-002243d37f6f Error - 10/18/2011 1:47:06 PM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000028359 ID des fehlerhaften Prozesses: 0x5b8 Startzeit der fehlerhaften Anwendung: 0x01cc8b40e410be91 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 31903895-f9b1-11e0-bbb6-002243d37f6f Error - 10/19/2011 3:25:19 AM | Computer Name = Speedsta-Asus | Source = GomezFFAgent | ID = 4096 Description = Error - 10/24/2011 2:47:59 PM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc0000420 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x18e8 Startzeit der fehlerhaften Anwendung: 0x01cc8de24c7c1ef7 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: b16c5c3b-fe70-11e0-bbb6-002243d37f6f Error - 10/29/2011 6:48:57 AM | Computer Name = Speedsta-Asus | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 10/29/2011 8:30:39 AM | Computer Name = Speedsta-Asus | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 11/2/2011 3:51:27 AM | Computer Name = Speedsta-Asus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9ab Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000013d28 ID des fehlerhaften Prozesses: 0x1458 Startzeit der fehlerhaften Anwendung: 0x01cc9731c99bb824 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHLWAPI.dll Berichtskennung: 77cff16e-0527-11e1-bbc5-002243d37f6f Error - 11/2/2011 6:21:35 AM | Computer Name = Speedsta-Asus | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 8/13/2010 3:46:35 AM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016 Description = Error - 8/25/2010 12:18:11 PM | Computer Name = Speedsta-Asus | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 8/25/2010 12:18:12 PM | Computer Name = Speedsta-Asus | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 9/3/2010 5:12:36 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016 Description = Error - 9/18/2010 1:40:55 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016 Description = Error - 10/11/2010 4:34:03 PM | Computer Name = Speedsta-Asus | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 10/11/2010 4:37:18 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10010 Description = Error - 10/11/2010 4:39:43 PM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016 Description = Error - 10/15/2010 10:55:08 AM | Computer Name = Speedsta-Asus | Source = DCOM | ID = 10016 Description = Error - 10/16/2010 10:44:31 AM | Computer Name = Speedsta-Asus | Source = bowser | ID = 8003 Description = < End of report > 6. Code:
ATTFilter Ad-Aware Lavasoft Limited 22.11.2011 34.1MB 9.6.0 Adobe Color Common Settings Adobe Systems Incorporated 25.07.2010 9.20MB 1.0.1 Adobe Download Manager NOS Microsystems Ltd. 06.12.2009 1.6.2.49 Adobe ExtendScript Toolkit 2 Adobe Systems Incorporated 25.07.2010 16.4MB 2.0.2 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 20.06.2011 6.00MB 10.3.181.26 Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 10.11.2011 6.00MB 11.1.102.55 Adobe Photoshop CS3 Adobe Systems Incorporated 29.12.2009 1'085MB 10.0 Adobe Reader 9.4.5 - Deutsch Adobe Systems Incorporated 26.07.2011 164.9MB 9.4.5 Alcor Micro USB Card Reader Alcor Micro Corp. 29.11.2009 2.87MB 1.2.17.25001 Android SDK Tools Google Inc. 07.10.2011 1.13 ASUS AI Recovery ASUS 29.11.2009 2.89MB 1.0.5 ASUS CopyProtect ASUS 29.11.2009 3.62MB 1.0.0015 ASUS Data Security Manager ASUS 29.11.2009 15.1MB 1.00.0013 ASUS FancyStart ASUSTeK Computer Inc. 29.11.2009 10.5MB 1.0.6 ASUS LifeFrame3 ASUS 29.11.2009 27.7MB 3.0.20 ASUS Live Update ASUS 29.11.2009 2.5.8 ASUS MultiFrame ASUS 30.11.2009 1.0.0019 ASUS Power4Gear Hybrid ASUS 29.11.2009 10.8MB 1.1.20 ASUS SmartLogon ASUS 29.11.2009 10.9MB 1.0.0007 ASUS Splendid Video Enhancement Technology ASUS 29.11.2009 24.4MB 1.02.0028 ASUS Virtual Camera asus 29.11.2009 3.12MB 1.0.18 Asus_Camera_ScreenSaver ASUS 30.11.2009 2.0.0008 Atheros Client Installation Program Atheros 29.11.2009 7.0 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 29.11.2009 1.0.0.10 ATK Generic Function Service ATK 29.11.2009 1.00.0008 ATK Hotkey ASUS 29.11.2009 5.75MB 1.0.0052 ATK Media ASUS 29.11.2009 0.18MB 2.0.0005 ATKOSD2 ASUS 29.11.2009 8.08MB 7.0.0005 Avira AntiVir Personal - Free Antivirus Avira GmbH 12.10.2011 76.9MB 10.2.0.704 Banana Buchhaltung 4.0 Banana.ch SA 06.12.2009 Banana Buchhaltung 4.0 Best of Amiga Classix 1.0 Magnussoft 19.12.2009 1.0 CardRecovery 5.30 WinRecovery Software 06.11.2010 CCleaner Piriform 24.11.2011 3.12 ControlDeck ASUS 29.11.2009 1.77MB 1.0.1 DreamBoxEdit -- The one and only settings editor for your Dreambox 31.12.2010 DYMO Label Software 20.12.2009 ETDWare PS/2-x64 7.0.5.7_WHQL 29.11.2009 Express Gate DeviceVM, Inc. 29.11.2009 382MB 1.2.13.16 Falk Navi-Manager Falk Navigation GmbH 13.12.2009 2.2.2 Fast Boot ASUS 29.11.2009 1.55MB 1.0.0 GameShadow GameShadow Ltd 26.12.2009 12.2MB 2.04.0000 HP Customer Participation Program 13.0 HP 01.03.2010 13.0 HP Document Manager 2.0 HP 01.03.2010 2.0 HP Imaging Device Functions 13.0 HP 01.03.2010 13.0 HP Photosmart Essential 3.5 HP 10.04.2010 3.5 HP Smart Web Printing 4.51 HP 01.03.2010 4.51 HP Solution Center 13.0 HP 01.03.2010 13.0 HP Update Hewlett-Packard 01.03.2010 3.73MB 4.000.011.006 ICQ Toolbar ICQ 24.08.2010 3.0.0 ICQ7.2 ICQ 24.08.2010 7.2 Ipswitch WS_FTP 12 Ipswitch 05.12.2009 12.0 Java(TM) 6 Update 24 Sun Microsystems, Inc. 05.12.2009 97.7MB 6.0.240 Java(TM) 6 Update 26 (64-bit) Oracle 20.06.2011 91.6MB 6.0.260 Java(TM) SE Development Kit 6 Update 26 (64-bit) Oracle 20.06.2011 132.8MB 1.6.0.260 Macromedia HomeSite+ 29.12.2009 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 24.11.2011 13.8MB 1.51.2.1300 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 27.06.2010 1.72MB 3.1.0000 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 12.10.2010 0.21MB 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.06.2010 0.20MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 23.04.2011 0.77MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 23.04.2011 0.58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.10.2010 0.77MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0.77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.12.2009 0.58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0.59MB 9.0.30729.6161 Mozilla Firefox 7.0.1 (x86 de) Mozilla 17.10.2011 33.3MB 7.0.1 Mozilla Thunderbird (7.0.1) Mozilla 14.10.2011 7.0.1 (de) MPM Hewlett-Packard 01.03.2010 0.14MB 1.00.0000 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.12.2009 1.28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 15.12.2009 1.33MB 4.20.9876.0 Naviextras Toolbox NNG Llc. 16.09.2011 3.1.0.25401 Naviextras Toolbox Prerequesities NNG Llc. 16.09.2011 2.17MB 1.0.0 NinjaLite 4.0.1 Global IP Telecommunications Ltd. 11.10.2011 38.6MB 4 NVIDIA Drivers NVIDIA Corporation 29.11.2009 1.4 OCR Software by I.R.I.S. 13.0 HP 01.03.2010 13.0 Officejet Pro 8500 A909 Series HP 01.03.2010 13.0 OpenAL 26.12.2009 OpenOffice.org 3.1 OpenOffice.org 05.12.2009 370MB 3.1.9420 Pocket UFO V1.26 SMK Software 21.05.2010 Private Tax 2009 Abraxas Informatik AG 21.05.2010 1.1.7.545 Private Tax 2010 Abraxas Informatik AG 30.05.2011 1.1.3.584 PSP ISO Compressor danny_kay1710 29.05.2010 2.55MB 1.3.0 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29.11.2009 6.0.1.5904 Scan2PDF 1.6 Koma-Code 17.12.2009 Shop for HP Supplies HP 01.03.2010 13.0 Smart Label Printer 6.6 Ihr Firmenname 06.12.2009 12.7MB 6.6.0365 SRS Premium Sound Control Panel SRS Labs, Inc. 29.11.2009 1.59MB 1.07.0100 TopStyle Lite (Version 2) 05.12.2009 TopStyle Lite (Version 3.0) Bradbury Software, LLC 29.12.2009 3.1.0 UFO Afterlight 26.12.2009 1.5 UFO Aftermath 26.12.2009 1.4 UFO Aftershock 26.12.2009 1.0 VLC media player 1.0.3 VideoLAN Team 05.12.2009 1.0.3 WBFS Manager 3.0 AlexDP 04.07.2010 3.0 WIDCOMM Bluetooth Software Broadcom Corporation 29.11.2009 144.3MB 6.2.0.9600 Windows Live Anmelde-Assistent Microsoft Corporation 27.06.2010 1.94MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 27.06.2010 14.0.8117.0416 Windows Live Sync Microsoft Corporation 27.06.2010 2.79MB 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 27.06.2010 0.22MB 14.0.8014.1029 Windows Mobile-Gerätecenter Microsoft Corporation 06.12.2009 27.4MB 6.1.6965.0 WinFlash ASUS 29.11.2009 1.29MB 2.26.0 WinRAR 09.12.2009 Wireless Console 3 ASUS 29.11.2009 2.43MB 3.0.10 |
25.11.2011, 19:40 | #8 | |||
/// Helfer-Team | Ebenfalls System Fix eingefangen, Windoof 7 64 Punkt 1 (Unhide) ausgeführt?: Zitat:
Deine Javaversion ist nicht aktuell! → Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 2. Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten! falls noch existierendeinstalliere: Zitat:
Java(TM) 6 Update 26 3. Zitat:
Code:
ATTFilter :OTL IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://start.icq.com/" FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=" [2011/11/22 14:42:39 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-1.xml [2011/10/12 21:32:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-10.xml [2011/10/15 16:57:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-11.xml [2011/10/18 07:33:07 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-12.xml [2011/11/11 09:37:45 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-13.xml [2011/11/11 13:53:34 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-14.xml [2011/11/24 08:50:05 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-15.xml [2010/12/17 08:51:47 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-2.xml [2010/12/23 22:32:14 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-3.xml [2011/04/16 13:38:46 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-4.xml [2011/05/12 06:51:41 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-5.xml [2011/05/13 20:33:23 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-6.xml [2011/05/14 18:12:28 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-7.xml [2011/07/13 19:36:33 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-8.xml [2011/08/14 18:04:12 | 000,000,950 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin-9.xml [2010/09/16 07:21:37 | 000,001,056 | ---- | M] () -- C:\Users\Speedsta\AppData\Roaming\Mozilla\Firefox\Profiles\laevukul.default\searchplugins\icqplugin.xml [2011/10/18 07:32:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/18 07:32:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKCU..\Run: [ICQ] "C:\PROGRA~2\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [2011/11/23 20:56:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011/11/23 20:35:49 | 000,000,432 | ---- | M] () -- C:\ProgramData\XJMrCJFIlZfXWo [2011/11/23 20:35:44 | 000,000,312 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWo [2011/11/23 20:35:43 | 000,000,232 | ---- | M] () -- C:\ProgramData\~XJMrCJFIlZfXWor [2011/11/23 20:19:22 | 000,056,661 | ---- | M] () -- C:\Users\Speedsta\Desktop\0.9019126404538498.exe [2011/11/23 20:56:31 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk :Commands [purity] [REBOOT]
6.
7. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 8. erneut einen Scan mit OTL:
► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (25.11.2011 um 19:53 Uhr) |
Themen zu Ebenfalls System Fix eingefangen, Windoof 7 64 |
ad-aware, antivir, autorun, avira, bho, bonjour, c:\windows\system32\rundll32.exe, defender, desktop, explorer, firefox, format, google, home, logfile, mozilla thunderbird, nvidia, plug-in, programme, realtek, registry, required, rundll, scan, security, software, system, webcheck, windows, winlogon.exe |