|
Log-Analyse und Auswertung: Windows Security Center - gesperrt - Angeblich unlizensierte SoftwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.02.2012, 15:26 | #1 |
| Windows Security Center - gesperrt - Angeblich unlizensierte Software Hallo zusammen, habe hier auf dem Board schon des öfteren von diesem Problem gelesen. Nun hat es mich beim surfen leider auch erwischt. Obwohl ich eine externe internet security software nutze. Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.02.2012 14:57:51 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\**\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,60% Memory free 7,99 Gb Paging File | 7,35 Gb Available in Paging File | 91,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,05 Gb Total Space | 14,49 Gb Free Space | 5,06% Space Free | Partition Type: NTFS Drive D: | 12,04 Gb Total Space | 1,88 Gb Free Space | 15,61% Space Free | Partition Type: NTFS Computer Name: **-PC | User Name: ** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{050A0D31-6B33-4137-ADE5-C0896E5FA98D}_is1" = TuneGet 1.3.5 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{34b2530c-6349-4292-9dc3-60bda4aed93d}" = Python 3.2.1 (64-bit) "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1" = RipTiger 2.7.9 "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 "{B667020E-A9D9-4E75-BDDE-A03E0FB96062}" = Oracle VM VirtualBox 3.2.4 "{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1" = LuxRender 0.8 x64 OpenCL "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Blender" = Blender "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F3A9498-0F8F-43B1-97A9-5B809A99AA0A}" = ArcSoft Panorama Maker 4 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}" = EasyFit "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2EE6D53B-957E-48d1-801B-0B7DE81BACED}_is1" = RipTiger Extras 3.0.6 "{2F1F98D4-30F0-44FA-963C-DF8127B98B4D}" = Panda Internet Security 2010 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{3118E461-1976-4F6A-97B4-B655F3AAB263}" = Wertpapieranalyse 2009 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2 "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup "{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5 "{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010 "{50DFE454-6234-4BEB-BADF-0571CB9D2F13}" = AudialsOne "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{568161BB-4D77-4534-AB92-55040CD92798}" = Panda Internet Security 2010 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5A33744D-33F5-451A-9CB0-2FE49EE3809C}" = ChemOffice Ultra 2004 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A2031E0-69DA-4751-BCC3-DB429D5A8C9E}" = MAGIX Speed burnR (MSI) "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}" = Lexware online banking "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{763231D7-2E4E-44D6-8FC2-6A0C7EDCE3B6}" = DDBAC "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}" = Quicken Import Export Server 2010 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EEDDF6F-7FA2-4C7F-B4AC-88211EF46B04}" = MAGIX Screenshare "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1" = Free Video Cutter 1.1 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints "{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC17FA6B-5B8D-46B6-A2F2-5A1B8DC5DB1B}" = GS-Sport Training Gym "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B075736D-BB6B-4653-A8BC-77C641CADD3B}" = AudialsOne USB "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B338F364-B396-48DF-8E38-29840232CF3D}" = MAGIX Video deluxe 17 Plus "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D5B8BDC3-3D44-429C-9AA5-8BA289F45741}_is1" = DAVID-Laserscanner 2.6.3 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F03EC055-F34E-4F6B-A684-8A370E11A304}" = ArcSoft Print Creations "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "1StepDVDCopy" = 1Step DVD Copy 1.3.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs "Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter "Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content "Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer "Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Advanced SystemCare 4_is1" = Advanced SystemCare 4 "Akamai" = Akamai NetSession Interface Service "AnVir Task Manager Free" = AnVir Task Manager Free "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode) "AudibleDownloadManager" = Audible Download Manager "AudibleManager" = AudibleManager "Avidemux 2.5" = Avidemux 2.5 "Browser Defender_is1" = Browser Defender 4.0 "CadFaster|QuickStep_is1" = CadFaster|QuickStep 2009 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "Dia" = Dia (nur entfernen) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Edraw Max_is1" = Edraw Max 4 "Edraw Mind Map_is1" = Edraw Mind Map V4 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVE" = EVE Online (remove only) "EVEMon" = EVEMon "FastStone Image Viewer" = FastStone Image Viewer 4.1 Beta "ffdshow_is1" = ffdshow [rev 1972] [2008-05-24] "FileZilla Client" = FileZilla Client 3.3.1 "FLVCodec" = PlayFLV "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Glary Utilities_is1" = Glary Utilities 2.18.0.786 "Google Chrome" = Google Chrome "InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken Deluxe 2010 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 "MAGIX_MSI_Videodeluxe17_plus" = MAGIX Video deluxe 17 Plus "McAfee Security Scan" = McAfee Security Scan "MediaMonkey_is1" = MediaMonkey 3.2 "Miranda IM" = Miranda IM 0.8.12 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1) "Picasa 3" = Picasa 3 "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RealPlayer 12.0" = RealPlayer "Rmtablet" = Pen Pad Driver with Macro Key Manager "Smart Defrag 2_is1" = Smart Defrag 2 "SoundTaxi_is1" = SoundTaxi 3.9.5 "Spyware Doctor" = PC Tools Internet Security 9.0 "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "STMediaSuite" = SoundTaxi Media Suite 3.9.5 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VLC media player 1.0.3 "VMware_Player" = VMware Player "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.0.2 "XMedia Recode" = XMedia Recode 3.0.6.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "6a3b9aee8dca014d" = EveTrader "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "FoxTab Music Converter" = FoxTab Music Converter "Sansa Updater" = Sansa Updater "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.01.2012 18:38:25 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0xdc Startzeit der fehlerhaften Anwendung: 0x01ccd88d591777c9 Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: a13e53fa-4480-11e1-8d06-9b96465e624c Error - 23.01.2012 02:58:18 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0x114 Startzeit der fehlerhaften Anwendung: 0x01ccd99c59932d88 Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: a074c893-458f-11e1-bd2a-efa86421134c Error - 23.01.2012 08:45:27 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0x3ec Startzeit der fehlerhaften Anwendung: 0x01ccd9ccd8208b3f Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: 1fb4adf1-45c0-11e1-ae08-967fbe96dd4c Error - 24.01.2012 12:37:15 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 16.0.912.75, Zeitstempel: 0x4f054b76 Name des fehlerhaften Moduls: chrome.dll, Version: 16.0.912.75, Zeitstempel: 0x4f054b25 Ausnahmecode: 0x80000003 Fehleroffset: 0x001414f9 ID des fehlerhaften Prozesses: 0x17e4 Startzeit der fehlerhaften Anwendung: 0x01ccda5999968e38 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\chrome.dll Berichtskennung: ac25d70a-46a9-11e1-ae08-e19f56e07ada Error - 25.01.2012 13:42:55 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0x130 Startzeit der fehlerhaften Anwendung: 0x01ccdb88bbb547e4 Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: 029f8db6-477c-11e1-9097-ace481c48b4a Error - 28.01.2012 09:30:01 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0x130 Startzeit der fehlerhaften Anwendung: 0x01ccddc0e64b81e5 Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: 2d58a1f2-49b4-11e1-b1fc-ea9e5ffb864c Error - 29.01.2012 07:41:50 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6557.5001, Zeitstempel: 0x4db1d555 Name des fehlerhaften Moduls: SMOutlookToolbar.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ce0bedb Ausnahmecode: 0xc0000005 Fehleroffset: 0x060e8b4a ID des fehlerhaften Prozesses: 0x1704 Startzeit der fehlerhaften Anwendung: 0x01ccde7aedb7dc4b Pfad der fehlerhaften Anwendung: C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE Pfad des fehlerhaften Moduls: SMOutlookToolbar.dll Berichtskennung: 3ad0219e-4a6e-11e1-b1fc-d17a3e899471 Error - 29.01.2012 09:31:40 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0x3e4 Startzeit der fehlerhaften Anwendung: 0x01ccde8a4a75ea04 Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: 931a52c8-4a7d-11e1-8f8f-a905eac69b71 Error - 02.02.2012 10:13:53 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cea27 ID des fehlerhaften Prozesses: 0x758 Startzeit der fehlerhaften Anwendung: 0x01ccde8a6690cefd Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 22345301-4da8-11e1-8f8f-c558843e94b0 Error - 02.02.2012 12:53:07 | Computer Name = **-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Name des fehlerhaften Moduls: STacSV64.exe, Version: 1.0.6225.0, Zeitstempel: 0x4a664835 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000017f3b ID des fehlerhaften Prozesses: 0x3e4 Startzeit der fehlerhaften Anwendung: 0x01cce1cb188a8670 Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe Berichtskennung: 614b9e47-4dbe-11e1-ad4c-d67ccabb6471 [ Media Center Events ] Error - 04.02.2010 12:50:39 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 17:50:39 - Fehler beim Herstellen der Internetverbindung. 17:50:39 - Serververbindung konnte nicht hergestellt werden.. Error - 04.02.2010 12:50:47 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 17:50:44 - Fehler beim Herstellen der Internetverbindung. 17:50:44 - Serververbindung konnte nicht hergestellt werden.. Error - 04.02.2010 13:50:52 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 18:50:52 - Fehler beim Herstellen der Internetverbindung. 18:50:52 - Serververbindung konnte nicht hergestellt werden.. Error - 04.02.2010 13:51:02 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 18:50:57 - Fehler beim Herstellen der Internetverbindung. 18:50:57 - Serververbindung konnte nicht hergestellt werden.. Error - 04.02.2010 14:51:21 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 19:51:21 - Fehler beim Herstellen der Internetverbindung. 19:51:21 - Serververbindung konnte nicht hergestellt werden.. Error - 04.02.2010 14:51:34 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 19:51:26 - Fehler beim Herstellen der Internetverbindung. 19:51:26 - Serververbindung konnte nicht hergestellt werden.. Error - 05.02.2010 11:13:12 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 16:13:11 - Fehler beim Herstellen der Internetverbindung. 16:13:11 - Serververbindung konnte nicht hergestellt werden.. Error - 05.02.2010 11:13:35 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 16:13:17 - Fehler beim Herstellen der Internetverbindung. 16:13:17 - Serververbindung konnte nicht hergestellt werden.. Error - 14.03.2010 07:20:26 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 12:20:25 - Fehler beim Herstellen der Internetverbindung. 12:20:26 - Serververbindung konnte nicht hergestellt werden.. Error - 19.03.2010 01:48:50 | Computer Name = **-PC | Source = MCUpdate | ID = 0 Description = 06:48:49 - Fehler beim Herstellen der Internetverbindung. 06:48:49 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 11.07.2010 05:31:09 | Computer Name = **-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55 seconds with 0 seconds of active time. This session ended with a crash. Error - 19.10.2011 12:58:31 | Computer Name = **-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:09 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:11 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:11 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.02.2012 09:52:21 | Computer Name = **-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > OTL.TXT:OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.02.2012 15:26:55 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\**\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,10 Gb Available Physical Memory | 77,66% Memory free 7,99 Gb Paging File | 7,16 Gb Available in Paging File | 89,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,05 Gb Total Space | 14,47 Gb Free Space | 5,06% Space Free | Partition Type: NTFS Drive D: | 12,04 Gb Total Space | 1,88 Gb Free Space | 15,61% Space Free | Partition Type: NTFS Computer Name: **-PC | User Name: ** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\**\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_e286960.dll () SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (AdvancedSystemCareService) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe (IObit) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CDVDService) -- C:\Program Files (x86)\1Step DVD Copy\CDVDService.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (GSService) -- C:\Windows\SysWOW64\GSService.exe () SRV - (STSService) -- C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe () SRV - (SMServer) -- C:\Windows\SysWOW64\snmvtsvc.exe (SMServer) SRV - (GHAutoDetection1) -- C:\Users\Public\Sports\GHAutoDetection.exe (SPA Computers (P) Ltd) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (MySQL1) -- C:\Users\Public\Sports\MySQL\bin\mysqld-nt.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools) DRV:64bit: - (pctplfw) -- C:\Windows\SysNative\drivers\pctplfw64.sys (PC Tools) DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools) DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools) DRV:64bit: - (TFSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools) DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools) DRV:64bit: - (pctNdisLW64) -- C:\Windows\SysNative\drivers\pctNdisLW64.sys (PC Tools) DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools) DRV:64bit: - (PCTFW-PacketFilter) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys (PC Tools) DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\drivers\PCTBD64.sys (PC Tools) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (rsvcdwdr) -- C:\Windows\SysNative\drivers\rsvcdwdr.sys (RapidSolution Software AG) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd) DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 E1 AE DE 7B 8D CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/**/AppData/Local/RapidSolution/Mediaraptor/WebRip/profile/rrproxy_ie_4b52e134.pac ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" FF - prefs.js..browser.bdtoolbar.orig_keyword_url: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.13 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.perrypedia.proc.org" FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:3.0.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300 FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.7 FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/**/AppData/Local/RapidSolution/Mediaraptor/WebRip/profile/rrproxy_ffox_4b52e134.pac" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\**\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011.03.22 01:02:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012.02.03 13:41:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.13 18:06:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.10 18:29:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.11 16:11:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.11 16:11:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\astoolbar@pctools.com: C:\Program Files (x86)\PC Tools Security\SpamMonitor\PCTools Email Toolbars\Thunderbird\ [2012.02.03 13:42:03 | 000,000,000 | ---D | M] [2010.03.26 18:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions [2010.01.04 21:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.03.26 18:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{ee53ece0-255c-4cc6-8a7e-81a8b6e5ba2c} [2011.12.26 13:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\jm57j5xg.default\extensions [2010.12.30 17:16:14 | 000,000,919 | ---- | M] () -- C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\jm57j5xg.default\searchplugins\conduit.xml [2010.07.20 05:46:12 | 000,005,088 | ---- | M] () -- C:\Users\**\AppData\Roaming\Mozilla\Firefox\Profiles\jm57j5xg.default\searchplugins\perrypedia-de.xml [2012.01.13 18:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.03 13:41:57 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES (X86)\PC TOOLS SECURITY\BDT\FIREFOX () (No name found) -- C:\USERS\**\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM57J5XG.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.01.13 18:06:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2003.04.23 18:10:48 | 006,595,792 | ---- | M] (CambridgeSoft Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npcdp32.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.26 12:42:15 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ArcURLRecord.dll (ArcSoft, Inc.) O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\**\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [AnVir Task Manager Free] C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe (AnVir Software) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [SansaDispatch] C:\Users\**\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [vasja] C:\Users\**\AppData\Local\Temp\0.017815615577183475.exe (Orb Networks) O4 - HKCU..\RunOnce: [PC Tools Security] C:\Users\**\DOWNLO~1\ISSETU~1.EXE (PC Tools) O4 - Startup: C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\**\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A4C1E5D-8A74-4A96-B983-E45F17B36DEB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{68ffd6f1-f96a-11de-b3b3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{68ffd6f1-f96a-11de-b3b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.03 14:56:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe [2012.02.03 13:56:31 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\PCTools [2012.02.03 13:41:57 | 000,070,760 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys [2012.02.03 13:41:30 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012.02.03 13:41:30 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys [2012.02.03 13:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2012.02.03 13:41:29 | 000,706,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2012.02.03 13:41:29 | 000,065,664 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2012.02.03 13:41:29 | 000,041,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2012.02.03 13:41:23 | 000,077,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdisLW64.sys [2012.02.03 13:39:03 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\TestApp [2012.01.29 15:07:25 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\CCP [2012.01.28 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Adobe [2012.01.28 15:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel [2012.01.28 15:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPSBabel [2012.01.28 14:36:08 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Google [2012.01.28 14:30:45 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Deployment [2012.01.28 14:30:18 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\AnVir [2012.01.28 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Apps [2012.01.14 13:44:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\SWTOR [2012.01.14 13:44:16 | 000,000,000 | ---D | C] -- C:\Users\**\Documents\HeroBlade Logs [2012.01.14 10:47:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.03 14:55:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe [2012.02.03 14:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.03 14:50:55 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys [2012.02.03 14:46:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.03 14:45:49 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.02.03 13:44:57 | 001,802,553 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.02.03 13:41:30 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk [2012.02.03 13:39:04 | 000,001,517 | ---- | M] () -- C:\Users\**\Desktop\issetup(1).exe.lnk [2012.02.03 13:00:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.02 18:03:34 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.02 18:03:34 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.29 12:39:15 | 000,301,808 | ---- | M] () -- C:\Users\**\Desktop\LH_WEBCKI.DE.STANDALONE.TiI2rvjjgAUf6EHJWXWct2.pdf [2012.01.28 15:05:09 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\GPSBabel.lnk [2012.01.26 20:20:20 | 001,619,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.26 20:20:20 | 000,700,114 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.26 20:20:20 | 000,654,786 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.26 20:20:20 | 000,148,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.26 20:20:20 | 000,121,658 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.16 16:28:50 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2012.01.16 16:28:48 | 002,246,608 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2012.01.16 16:28:48 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2012.01.16 16:28:28 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll [2012.01.15 20:37:27 | 000,008,578 | ---- | M] () -- C:\Users\**\.recently-used.xbel [2012.01.14 10:47:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.13 18:03:17 | 000,001,490 | ---- | M] () -- C:\Users\**\Desktop\Star Wars - The Old Republic.lnk [2012.01.11 16:19:34 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2012.01.11 16:19:18 | 000,181,512 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys [2012.01.11 16:19:08 | 000,230,952 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012.01.11 16:17:50 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys [2012.01.11 16:14:48 | 000,145,432 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2012.01.11 16:14:42 | 000,339,608 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2012.01.11 14:56:12 | 000,706,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2012.01.11 14:56:10 | 000,065,664 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2012.01.11 14:56:10 | 000,041,968 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.03 13:41:30 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk [2012.02.03 13:39:04 | 000,001,517 | ---- | C] () -- C:\Users\**\Desktop\issetup(1).exe.lnk [2012.01.29 12:39:14 | 000,301,808 | ---- | C] () -- C:\Users\**\Desktop\LH_WEBCKI.DE.STANDALONE.TiI2rvjjgAUf6EHJWXWct2.pdf [2012.01.28 15:05:09 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\GPSBabel.lnk [2012.01.15 20:37:27 | 000,008,578 | ---- | C] () -- C:\Users\**\.recently-used.xbel [2012.01.14 10:50:29 | 000,001,490 | ---- | C] () -- C:\Users\**\Desktop\Star Wars - The Old Republic.lnk [2011.08.23 06:14:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.08.23 06:14:01 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.04 21:04:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0256.old [2011.02.04 21:04:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.06.16 22:55:02 | 001,583,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.26 15:58:57 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2010.05.15 11:52:47 | 000,000,006 | ---- | C] () -- C:\Users\**\AppData\Roaming\userdict-csj [2010.03.26 18:14:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.02.27 14:09:32 | 000,000,083 | ---- | C] () -- C:\Windows\SysWow64\gpupdate.bin [2010.02.03 17:02:21 | 000,364,192 | ---- | C] () -- C:\Windows\SysWow64\atwtusb.exe [2010.02.03 17:02:21 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\InstallService.exe [2010.02.03 17:02:20 | 001,969,824 | ---- | C] () -- C:\Windows\SysWow64\WTMKM.exe [2010.02.03 17:02:19 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\ATWTINK.DLL [2010.02.03 17:02:19 | 000,102,048 | ---- | C] () -- C:\Windows\RmTablet.exe [2010.02.03 17:02:17 | 000,013,951 | R--- | C] () -- C:\Windows\SysWow64\Photoshop Elements.ini [2010.02.03 17:02:17 | 000,010,361 | R--- | C] () -- C:\Windows\SysWow64\PhotoImpact XL SE.ini [2010.02.03 17:02:17 | 000,007,633 | R--- | C] () -- C:\Windows\SysWow64\Vista.ini [2010.02.03 17:02:17 | 000,007,341 | R--- | C] () -- C:\Windows\SysWow64\XP_2000.ini [2010.02.03 17:02:17 | 000,000,607 | R--- | C] () -- C:\Windows\SysWow64\MKProfile.ini [2010.02.03 17:02:16 | 000,006,422 | ---- | C] () -- C:\Windows\aiptbl.ini [2010.02.02 19:50:36 | 000,012,800 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.02 18:50:11 | 000,004,937 | ---- | C] () -- C:\ProgramData\zjlbudtf.avj [2010.01.17 10:57:06 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe [2010.01.17 09:08:15 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.01.04 20:56:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.09.11 14:02:46 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll [2005.10.14 11:56:50 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll [2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2005.10.14 11:56:50 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll [2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\MMAVILNG.exe ========== LOP Check ========== [2010.12.21 22:41:47 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Audacity [2010.02.02 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\avidemux [2011.07.04 19:22:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Azureus [2011.12.26 12:40:14 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Babylon [2011.01.27 13:59:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Blackberry Desktop [2010.01.15 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Blender Foundation [2010.01.21 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\DataDesign [2012.02.02 17:55:42 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Dropbox [2010.07.29 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Eve Market Scanner [2010.12.23 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\EVEMon [2010.07.29 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\EveTrader [2010.10.26 06:48:40 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FeRox [2011.04.07 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FileZilla [2010.04.28 14:05:20 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FOG Downloader [2010.04.15 10:04:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FreeCAD [2010.05.15 12:16:30 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\GlarySoft [2012.01.15 20:37:27 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\gtk-2.0 [2011.07.04 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\IObit [2010.01.21 17:18:55 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Lexware [2011.10.23 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\MAGIX [2010.01.26 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Miranda [2012.02.03 13:56:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PCTools [2011.02.04 21:09:53 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PCToolsFirewallPlus [2010.03.01 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\phonostar GmbH [2010.01.04 21:50:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\ProtectDisc [2010.01.15 19:54:20 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\RapidSolution [2011.01.27 13:44:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Research In Motion [2010.01.17 14:17:47 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\ROCCAT [2010.03.01 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SanDisk [2012.02.03 13:50:18 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Spam Monitor [2010.03.26 18:14:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Spicebird [2012.02.03 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TestApp [2010.01.04 21:58:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Thunderbird [2010.11.28 21:20:02 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\W [2010.12.23 23:03:48 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\wargaming.net [2011.12.26 12:44:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\XMedia Recode [2012.02.03 14:45:49 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012.02.03 13:45:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 16 bytes -> C:\Windows\SysWow64\mswinsck32.ocx:rsrc @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > Bitte helft mir. Danke Gruß Geändert von Jufri28 (03.02.2012 um 15:43 Uhr) Grund: LOP Prüfung vergessen |
03.02.2012, 15:47 | #2 |
/// Malware-holic | Windows Security Center - gesperrt - Angeblich unlizensierte Software hi
__________________ersetze *** im script durch deinen nutzernamen, damit es funktioniert dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O4 - HKCU..\Run: [vasja] C:\Users\**\AppData\Local\Temp\0.017815615577183475.exe (Orb Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 :Files C:\Users\**\AppData\Local\Temp\0.017815615577183475.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Drücke bitte die + E Taste.
__________________ |
03.02.2012, 16:10 | #3 |
| Windows Security Center - gesperrt - Angeblich unlizensierte Software All processes killed
__________________========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully. C:\Users\**\AppData\Local\Temp\0.017815615577183475.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: AppData User: Default User: Default User User: ** ->Flash cache emptied: 479 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ** ->Temp folder emptied: 16582704 bytes ->Temporary Internet Files folder emptied: 1872237 bytes ->Java cache emptied: 1641482 bytes ->FireFox cache emptied: 49563085 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3196568 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 70,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 02032012_155415 Files\Folders moved on Reboot... C:\Users\**\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
03.02.2012, 16:11 | #4 |
| Windows Security Center - gesperrt - Angeblich unlizensierte Software Vielen Dank für die Hilfe. Warum konnte der Virenscanner das nicht erkennen ?? |
03.02.2012, 17:03 | #5 |
/// Malware-holic | Windows Security Center - gesperrt - Angeblich unlizensierte Software weil ein antimalware scanner nicht alles erkennt, es gehört auch eine sichere konfiguration des pcs dazu und ein umsichtiger umgang des nutzers mit dem internet, dazu gehören zb keine illegalen streamings ansehen etc. 1. weist du noch was du zum infektions zeitpunkt gemacht hast? zb streaming seiten besucht downloads etc? falls ja, infos und links als private nachicht an mich 2. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Windows Security Center - gesperrt - Angeblich unlizensierte Software |
64-bit, adobe after effects, akamai, alternate, anvir, audacity, babylon, becker, bho, bonjour, browser, cs4/contributeieplugin.dll, curse, downloader, email, entfernen, error, firefox, flash player, google chrome, home, hängen, install.exe, iobit, langs, lexware, logfile, microsoft office word, mozilla thunderbird, mp3, ntdll.dll, office 2007, picasa, pixel, plug-in, problem, realtek, registry, scan, search the web, security, security scan, security update, senden, software, svchost.exe, systemcare, teamspeak, third party, version=1.0, virtualbox, webcheck, windows |