| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SystemCheck - falsches Tools - Virus oder Malware??Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.03.2012, 12:02
| #16 |
| /// Malwareteam    |  SystemCheck - falsches Tools - Virus oder Malware?? Schritt 1: Adobe Flash Player update Dein Flash-Player ist veraltet. Da gerade diese Software gerne von Schädlingen als Sprungbrett ins System genutzt wird, muss sie immer aktuell gehalten werden. Um den Flash Player zu aktualisieren, gehe bitte wie folgt vor:
Schritt 2: Adobe Reader update Dein Adobe Reader ist veraltet. Da einige Schädlinge die Schwachstellen in veralteten Versionen nutzen, werden wir sie aktualisieren.
Schritt 3: Mozilla Firefox update Dein Firefox-Browser ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:
Schritt 4: VLC-Player update Dein VLC-Player ist veraltet. Um ihn zu aktualisieren, gehe bitte wie folgt vor:
Schritt 5: Mozilla Thunderbird update Dein Thunderbird-Mailclient ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:
Schritt 6: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
07.03.2012, 06:29
| #17 |
 | SystemCheck - falsches Tools - Virus oder Malware?? Hallo,
__________________hier das Eset-Log: C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application C:\temp\backup.zip Win32/Adware.ADON application C:\Users\ggehrau\Downloads\SoftonicDownloader38341.exe a variant of Win32/SoftonicDownloader.A application C:\Users\mathis\Desktop\MyBabylonTB.exe Win32/Toolbar.Babylon application C:\Users\mathis\Desktop\Top Secret\MyBabylonTB[1].exe Win32/Toolbar.Babylon application C:\Users\mathis\Documents\Downloads\SoftonicDownloader_fuer_battlefield-2.exe a variant of Win32/SoftonicDownloader.A application C:\Users\mathis\Downloads\ibario.exe a variant of Win32/SweetIM.B application D:\cd\pc_mag_201109\interface\contents\youtubepaket_18560\49480\files\Setup_FreeFlvConverter.exe a variant of Win32/Toolbar.Widgi application D:\download\tools\filesystem\Unlocker1.9.1-x64.exe Win32/Adware.ADON application D:\download\tools\multimedia\SoftonicDownloader_fuer_clonedvd.exe Win32/SoftonicDownloader.C application D:\download\tools\multimedia\audio\freeripmp3-setup.exe Win32/Adware.ADON application D:\download\tools\multimedia\video\Setup_FreeBurner.exe multiple threats D:\download\tools\multimedia\video\Setup_FreeFlvConverter698.exe multiple threats D:\tools\multimedia\video\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application E:\uwe_2010.zip a variant of Win32/SoftonicDownloader.A application E:\personen\uwe\sticks\uwe_vom_stick\download\tools\pdf\SoftonicDownloader38341.exe a variant of Win32/SoftonicDownloader.A application E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NTCRACK.ZIP probably a variant of Win32/Hacktool.Agent.FVLPPJP trojan E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack\NTCRACK\NTCRACK.EXE probably a variant of Win32/Hacktool.Agent.FVLPPJP trojan E:\tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\download\tools\multimedia\grafik\viewer\sbjv3230.zip probably a variant of Win32/Adware.Aureate application E:\tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\transfair\marko.zip a variant of Win32/Adware.Ezula application E:\tranfer\alter_Rechner\eigeneDateien\Bilder\stickoma\AUTORUN.INF Win32/AutoRun.GD worm E:\tranfer\alter_Rechner\lost_and_found\lw_c_20091107\Dokumente und Einstellungen\uwe\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\4hlwm20q.default\Cache\29024463d01 Win32/RegistryBooster application E:\tranfer\bilder\stickoma\AUTORUN.INF Win32/AutoRun.GD worm F:\aa_dellbackup_uwg_do_not_delete\backup_dell.zip Win32/Adware.Toolbar.MyWebSearch application F:\aa_dellbackup_uwg_do_not_delete\backup_dell\backup_dell_20053010_3.zip Win32/Adware.Toolbar.MyWebSearch application F:\aa_dellbackup_uwg_do_not_delete\lw_c\WINDOWS\imageupdate\computerconfig.exe probably unknown NewHeur_PE virus VG, robibor |
|
07.03.2012, 09:00
| #18 | |
| /// Malwareteam | SystemCheck - falsches Tools - Virus oder Malware??Zitat:
Diese Dateien beinhalten Malware bzw. potentiell unerwünschte Software. Ich empfehle, die Dateien ungeöffnet zu löschen! Schritt 1: OTL-Fix
Code:
ATTFilter :files
C:\Users\mathis\Desktop\MyBabylonTB.exe
C:\Users\mathis\Desktop\Top Secret\MyBabylonTB[1].exe
D:\download\tools\multimedia\video\Setup_FreeBurner.exe
D:\download\tools\multimedia\video\Setup_FreeFlvConverter698.exe
E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NTCRACK.ZIP
E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack\NTCRACK\NTCRACK.EXE
E:\tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\download\tools\multimedia\grafik\viewer \sbjv3230.zip
E:\tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\transfair\marko.zip
E:\tranfer\alter_Rechner\eigeneDateien\Bilder\stickoma\AUTORUN.INF
:COMMANDS
[emptytemp]
Schritt 2: Neues OTL-Log
__________________ |
|
07.03.2012, 10:13
| #19 |
| | SystemCheck - falsches Tools - Virus oder Malware?? Hallo, 03072012_095731.log: All processes killed ========== FILES ========== C:\Users\mathis\Desktop\MyBabylonTB.exe moved successfully. C:\Users\mathis\Desktop\Top Secret\MyBabylonTB[1].exe moved successfully. D:\download\tools\multimedia\video\Setup_FreeBurner.exe moved successfully. D:\download\tools\multimedia\video\Setup_FreeFlvConverter698.exe moved successfully. E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NTCRACK.ZIP moved successfully. File move failed. E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack\NTCRACK\NTCRACK.EXE scheduled to be moved on reboot. File\Folder E:\tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\download\tools\multimedia\grafik\viewer \sbjv3230.zip not found. E:\tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\transfair\marko.zip moved successfully. E:\tranfer\alter_Rechner\eigeneDateien\Bilder\stickoma\AUTORUN.INF moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: AppData ->Temp folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: frauke ->Temp folder emptied: 589 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 11369006 bytes ->Flash cache emptied: 1492 bytes User: ggehrau ->Temp folder emptied: 56551 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 11887570 bytes ->Flash cache emptied: 453 bytes User: mathis ->Temp folder emptied: 9360 bytes ->Temporary Internet Files folder emptied: 54546207 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 90290167 bytes ->Flash cache emptied: 784 bytes User: Public ->Temp folder emptied: 0 bytes User: ugehrau ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: uwe ->Temp folder emptied: 1661294 bytes ->Temporary Internet Files folder emptied: 1181541 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 144034680 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1155 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 30564 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 3975707696 bytes Total Files Cleaned = 4.092,00 mb OTL by OldTimer - Version 3.2.35.1 log created on 03072012_095731 Files\Folders moved on Reboot... File\Folder E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack\NTCRACK\NTCRACK.EXE not found! C:\Users\uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... hier die olt.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.03.2012 10:04:12 - Run 7 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\uwe\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,32% Memory free 15,98 Gb Paging File | 13,80 Gb Available in Paging File | 86,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 60,67 Gb Free Space | 30,34% Space Free | Partition Type: NTFS Drive D: | 500,00 Gb Total Space | 50,04 Gb Free Space | 10,01% Space Free | Partition Type: NTFS Drive E: | 400,00 Gb Total Space | 127,86 Gb Free Space | 31,97% Space Free | Partition Type: NTFS Drive F: | 162,80 Gb Total Space | 64,76 Gb Free Space | 39,78% Space Free | Partition Type: NTFS Computer Name: ATHOS | User Name: uwe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\uwe\Desktop\OTL.exe (OldTimer Tools) PRC - D:\browser\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Users\uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - D:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\tools\system\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\tools\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\tools\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\ShutDownApp\sdasvc.exe () PRC - C:\ProgramData\Microsoft\Network\umon.exe () PRC - D:\tools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (BinarySense Ltd.) PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer) PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.) ========== Modules (No Company Name) ========== MOD - D:\browser\Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\ProgramData\Microsoft\Network\umon.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll () SRV - (MBAMService) -- D:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- D:\tools\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\tools\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (sda) -- C:\Windows\ShutDownApp\sdasvc.exe () SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (HDD & SSD access service) -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (BinarySense Ltd.) SRV - (VMwareServerWebAccess) -- D:\tools\virtualisierung\vmware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (vmware-converter-server) -- D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) SRV - (vmware-converter-agent) -- D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (JakNDisMP) -- C:\Windows\SysNative\drivers\JakNDis.sys (Jaksta LLC) DRV:64bit: - (JakNDis) -- C:\Windows\SysNative\drivers\JakNDis.sys (Jaksta LLC) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\drivers\blueletaudio.sys (IVT Corporation.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.) DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\BtNetDrv.sys (IVT Corporation.) DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VcommMgr.sys (IVT Corporation.) DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (bmdrvr) -- C:\Windows\SysWOW64\drivers\bmdrvr.sys (VMware, Inc.) DRV - (vstor2-mntapi10) -- D:\tools\virtualisierung\vmware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.) DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) DRV - (FreshIO) -- D:\tools\system\FreshDiagnose\FreshIO.sys () DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 F5 57 DD EF 77 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "file:///E:/Liste-Server/listeserver1.html" FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.5 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13 FF - prefs.js..extensions.enabledItems: csscoverage@spaghetticoder.org:0.2.4 FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.2 FF - prefs.js..extensions.enabledItems: historyTree@norman.solomon:1.2 FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.2.0 FF - prefs.js..extensions.enabledItems: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}:2.0.5 FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.7 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.6.1 FF - prefs.js..extensions.enabledItems: {8A6C82A1-F6C9-481a-AAE7-C96444C9A754}:5.1.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1 FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: xlt-scriptrecorder@xceptance.com:3.3.5 FF - prefs.js..extensions.enabledItems: {7eb3f691-25b4-4a85-9038-9e57e2bcd537}:0.4.4 FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.5 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21 FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.6.0 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1 FF - prefs.js..extensions.enabledItems: {D9CFDC5F-081E-420c-A108-A628AC2E556B}:2.0 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.7.0 FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0 FF - prefs.js..extensions.enabledItems: {0bdb2530-7a5e-11df-93f2-0800200c9a66}:1.2.2.20101221 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: translator@zoli.bod:1.0.6 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: D:\tools\multimedia\video\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uwe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uwe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.15 14:34:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.21 21:51:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\browser\Firefox\components [2012.03.06 12:31:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\browser\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\tools\internet\mail\thunderbird\components [2012.03.06 12:43:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\tools\internet\mail\thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.21 21:51:08 | 000,000,000 | ---D | M] [2010.01.16 22:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Extensions [2010.01.16 22:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.05 16:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\3b63qqyk.Schnell ohne alles\extensions [2011.12.03 16:29:19 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\3b63qqyk.Schnell ohne alles\extensions\battlefieldplay4free@ea.com [2011.10.16 18:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\aikyvwdm.Test\extensions [2011.07.03 07:34:21 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\aikyvwdm.Test\extensions\battlefieldheroespatcher@ea.com [2011.10.16 18:53:49 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\aikyvwdm.Test\extensions\battlefieldplay4free@ea.com [2012.03.01 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions [2011.05.07 20:15:48 | 000,000,000 | ---D | M] (Transit Widget Emulator) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{0bdb2530-7a5e-11df-93f2-0800200c9a66} [2010.12.15 09:56:05 | 000,000,000 | ---D | M] ("Enhanced History Manager [de]") -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{36EC55C0-D27E-11d8-9418-444553540001} [2011.02.16 20:36:36 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.05.15 21:23:54 | 000,000,000 | ---D | M] (XPather) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899} [2010.08.13 20:59:31 | 000,000,000 | ---D | M] (XPath Checker) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537} [2011.11.30 15:48:17 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2012.01.10 22:08:50 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2011.08.27 22:02:29 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2010.02.22 08:34:07 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2011.12.27 22:18:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.22 07:30:38 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.01.08 22:13:44 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2011.06.23 20:22:19 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2010.11.26 18:30:15 | 000,000,000 | ---D | M] (GridFox) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B} [2011.06.09 16:35:31 | 000,000,000 | ---D | M] (Capture Fox) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\capturefoxmovie@advancity.net [2010.03.25 13:14:42 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\dictlookup@arnhold.com [2010.01.25 08:50:48 | 000,000,000 | ---D | M] (History Tree) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\historyTree@norman.solomon [2011.11.12 07:22:52 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\pixelperfectplugin@openhouseconcepts.com [2010.02.11 19:52:57 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\VMwareVMRC@vmware.com [2011.01.16 20:27:14 | 000,000,000 | ---D | M] ("XLT Script Recorder") -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\xlt-scriptrecorder@xceptance.com [2011.05.07 20:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{0bdb2530-7a5e-11df-93f2-0800200c9a66}\modules\api\wac\extensions [2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dxmcai45.default\searchplugins\conduit.xml () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{563E4790-7E70-11DA-A72B-0800200C9A66}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{6DFC4F52-26F0-4E5F-89C7-31D6DE480DB9}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{C666C018-6409-4479-AFA3-68E4129E7EFF}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{CF15270E-CF08-4DEF-B4EA-6A5AC23F3BCA}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{F5DDF39C-9293-4D5E-9AA8-E04E6DD5E9B4}.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\CSSCOVERAGE@SPAGHETTICODER.ORG.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\JSONVIEW@BRH.NUMBERA.COM.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\uwe\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\uwe\AppData\Local\Google\Chrome\Application\16.0.912.75\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uwe\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\browser\firefox35\plugins\np-mswmp.dll CHR - plugin: Windows Genuine Advantage (Enabled) = D:\browser\firefox35\plugins\npLegitCheckPlugin.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = D:\browser\firefox35\plugins\NPPDLicenseHelper.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = D:\browser\firefox35\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\browser\firefox35\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\browser\firefox35\plugins\nprpjplug.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\uwe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Babylon Translator = C:\Users\uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\ O1 HOSTS File: ([2012.03.05 15:08:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\tools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\tools\system\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [sdaumon] C:\ProgramData\Microsoft\Network\umon.exe () O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - Startup: C:\Users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - DD:\tools\virtualisierung\vmware\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - DD:\tools\virtualisierung\vmware\x64\vsocklib.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\tools\virtualisierung\vmware\VMware Server\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\tools\virtualisierung\vmware\VMware Server\vsocklib.dll (VMware, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3545A51-C0E5-4C69-A812-F938652B1D70}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.06 14:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.06 14:50:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe [2012.03.06 12:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.03.06 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2012.03.05 20:38:40 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.05 11:41:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.05 11:39:30 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\uwe\Desktop\ComboFix.exe [2012.03.05 11:25:59 | 000,000,000 | ---D | C] -- C:\Users\uwe\Desktop\tdsskiller [2012.03.05 10:39:06 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\uwe\Desktop\TDSSKiller.exe [2012.03.05 10:38:56 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\uwe\Desktop\aswMBR.exe [2012.03.01 09:17:27 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Malwarebytes [2012.03.01 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.01 09:17:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.01 09:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.29 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\ACD Systems [2012.02.28 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Mp3tag [2012.02.25 23:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems [2012.02.25 23:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems [2012.02.25 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems [2012.02.25 00:09:46 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\MyPhoneExplorer [2012.02.25 00:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2012.02.20 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Local\Adobe [2012.02.20 08:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.02.20 08:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.02.20 08:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.02.19 20:44:03 | 000,000,000 | ---D | C] -- C:\Users\uwe\Desktop\gtd [2012.02.17 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind [2012.02.17 14:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind [2012.02.17 14:10:53 | 000,000,000 | ---D | C] -- C:\Users\uwe\Application Data [2012.02.16 13:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.02.16 13:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.02.16 13:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.02.16 12:27:46 | 000,000,000 | ---D | C] -- C:\glassfish3 [2012.02.16 12:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.02.16 12:22:22 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012.02.15 17:50:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.15 17:50:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.15 17:50:12 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.02.15 17:50:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.15 17:50:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.15 17:50:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.15 17:50:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.15 17:50:11 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.02.15 17:50:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.02.15 17:50:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.02.15 17:50:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.02.15 08:01:59 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.15 08:01:58 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.15 08:01:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.02.15 08:01:54 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.02.14 12:27:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.02.14 12:27:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.02.14 12:27:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.02.14 12:27:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.02.14 12:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.02.12 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\uwe\.dvdcss [2012.02.12 10:28:10 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Local\MPlayer [2012.02.12 10:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDx 4.0 [2012.02.09 11:17:53 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\uwe\Desktop\OTL.exe [2012.02.08 08:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evoluent [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.07 10:06:50 | 000,018,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.07 10:06:50 | 000,018,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.07 10:00:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015UA.job [2012.03.07 09:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.07 09:59:18 | 2140,454,911 | -HS- | M] () -- C:\hiberfil.sys [2012.03.07 08:36:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1001UA.job [2012.03.06 21:00:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015Core.job [2012.03.06 20:36:06 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1001Core.job [2012.03.06 14:50:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe [2012.03.06 14:10:29 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.03.06 14:10:29 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.06 13:51:39 | 000,001,207 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2012.03.06 12:41:33 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.06 12:31:47 | 000,000,700 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.06 12:26:10 | 000,000,675 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.03.06 12:14:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.03.06 10:49:31 | 000,005,265 | ---- | M] () -- C:\Users\uwe\.recently-used.xbel [2012.03.05 16:26:04 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\uwe\Desktop\OTL.exe [2012.03.05 15:08:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.03.05 14:43:11 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\uwe\Desktop\ComboFix.exe [2012.03.05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\uwe\Desktop\TDSSKiller.exe [2012.03.05 11:02:08 | 000,000,512 | ---- | M] () -- C:\Users\uwe\Desktop\MBR.dat [2012.03.05 10:38:58 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\uwe\Desktop\aswMBR.exe [2012.03.05 10:33:31 | 000,000,020 | ---- | M] () -- C:\Users\uwe\defogger_reenable [2012.03.05 10:31:16 | 000,050,477 | ---- | M] () -- C:\Users\uwe\Desktop\Defogger.exe [2012.03.05 10:27:33 | 001,808,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.05 10:27:33 | 000,767,598 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.05 10:27:33 | 000,721,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.05 10:27:33 | 000,175,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.05 10:27:33 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.02 14:04:29 | 000,005,120 | ---- | M] () -- C:\Users\uwe\Desktop\branches.db [2012.03.01 14:59:35 | 000,001,392 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err [2012.03.01 14:57:01 | 000,000,412 | ---- | M] () -- C:\NET.INI [2012.03.01 10:49:07 | 000,000,988 | ---- | M] () -- C:\Users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.01 09:41:07 | 000,020,369 | ---- | M] () -- C:\Users\uwe\Desktop\OTL_1.zip [2012.03.01 09:17:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.29 10:00:29 | 000,009,748 | ---- | M] () -- C:\Users\uwe\Desktop\Kompost_2012.odt [2012.02.25 23:00:53 | 000,002,849 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee 6.0.lnk [2012.02.25 22:11:42 | 000,024,925 | ---- | M] () -- C:\Users\uwe\Desktop\Unbenannt 1.odt [2012.02.25 20:24:58 | 000,027,937 | ---- | M] () -- C:\Users\uwe\Desktop\device-2012-02-25-201254.png.pdf [2012.02.25 20:19:04 | 000,022,620 | ---- | M] () -- C:\Users\uwe\Desktop\10 x 15 cm (2).pdf [2012.02.25 20:17:50 | 000,024,849 | ---- | M] () -- C:\Users\uwe\Desktop\myfinder_screenshot.pdf [2012.02.25 00:09:44 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.02.21 09:28:13 | 000,000,788 | ---- | M] () -- C:\Users\uwe\cintanotes.exe.lnk [2012.02.20 08:26:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.17 20:33:21 | 000,019,047 | ---- | M] () -- C:\Users\uwe\Aer Lingus - Buchungsbestätigung.pdf [2012.02.17 20:27:05 | 000,181,713 | ---- | M] () -- C:\Users\uwe\Desktop\T_C-WL-World-Aer-Lingus-Ger.pdf [2012.02.17 19:16:46 | 000,009,859 | ---- | M] () -- C:\Users\uwe\Hans Zimmer - ( Hoist The Colours tab ).pdf [2012.02.17 14:42:50 | 000,000,054 | ---- | M] () -- C:\Users\uwe\goandroid.bat [2012.02.17 14:11:05 | 000,000,714 | ---- | M] () -- C:\Users\uwe\Desktop\XMind.lnk [2012.02.16 13:43:03 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.02.16 13:35:54 | 000,005,120 | ---- | M] () -- C:\Users\uwe\filialen.db [2012.02.16 12:22:19 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.02.16 12:22:19 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.02.16 10:19:39 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.02.15 18:21:01 | 000,324,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.14 12:23:01 | 000,001,203 | ---- | M] () -- C:\Users\uwe\Desktop\ComboFix.exe.lnk [2012.02.12 09:57:44 | 000,000,133 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.02.10 19:36:18 | 000,007,403 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2012.02.09 12:59:52 | 000,031,512 | ---- | M] () -- C:\Users\uwe\Desktop\Desktop_.zip [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.06 12:43:07 | 000,001,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.03.06 12:41:33 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.06 12:31:47 | 000,000,700 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.06 12:26:10 | 000,000,675 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.03.06 10:49:31 | 000,005,265 | ---- | C] () -- C:\Users\uwe\.recently-used.xbel [2012.03.05 11:02:08 | 000,000,512 | ---- | C] () -- C:\Users\uwe\Desktop\MBR.dat [2012.03.05 10:33:31 | 000,000,020 | ---- | C] () -- C:\Users\uwe\defogger_reenable [2012.03.05 10:31:15 | 000,050,477 | ---- | C] () -- C:\Users\uwe\Desktop\Defogger.exe [2012.03.01 14:57:17 | 000,001,392 | ---- | C] () -- C:\Windows\SysWow64\ccsync.err [2012.03.01 09:41:07 | 000,020,369 | ---- | C] () -- C:\Users\uwe\Desktop\OTL_1.zip [2012.03.01 09:17:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.28 10:22:53 | 000,009,748 | ---- | C] () -- C:\Users\uwe\Desktop\Kompost_2012.odt [2012.02.25 23:00:53 | 000,002,849 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee 6.0.lnk [2012.02.25 22:11:40 | 000,024,925 | ---- | C] () -- C:\Users\uwe\Desktop\Unbenannt 1.odt [2012.02.25 20:24:58 | 000,027,937 | ---- | C] () -- C:\Users\uwe\Desktop\device-2012-02-25-201254.png.pdf [2012.02.25 20:19:04 | 000,022,620 | ---- | C] () -- C:\Users\uwe\Desktop\10 x 15 cm (2).pdf [2012.02.25 20:17:50 | 000,024,849 | ---- | C] () -- C:\Users\uwe\Desktop\myfinder_screenshot.pdf [2012.02.25 00:09:44 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.02.21 09:28:13 | 000,000,788 | ---- | C] () -- C:\Users\uwe\cintanotes.exe.lnk [2012.02.20 23:06:04 | 000,005,120 | ---- | C] () -- C:\Users\uwe\Desktop\branches.db [2012.02.20 08:26:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.02.20 08:26:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.17 20:33:21 | 000,019,047 | ---- | C] () -- C:\Users\uwe\Aer Lingus - Buchungsbestätigung.pdf [2012.02.17 20:27:03 | 000,181,713 | ---- | C] () -- C:\Users\uwe\Desktop\T_C-WL-World-Aer-Lingus-Ger.pdf [2012.02.17 19:16:43 | 000,009,859 | ---- | C] () -- C:\Users\uwe\Hans Zimmer - ( Hoist The Colours tab ).pdf [2012.02.17 14:41:57 | 000,000,054 | ---- | C] () -- C:\Users\uwe\goandroid.bat [2012.02.17 14:11:05 | 000,000,714 | ---- | C] () -- C:\Users\uwe\Desktop\XMind.lnk [2012.02.16 13:43:03 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.02.16 13:35:37 | 000,005,120 | ---- | C] () -- C:\Users\uwe\filialen.db [2012.02.14 12:27:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.02.14 12:27:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.02.14 12:27:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.02.14 12:27:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.02.14 12:27:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.02.14 12:23:01 | 000,001,203 | ---- | C] () -- C:\Users\uwe\Desktop\ComboFix.exe.lnk [2012.02.09 12:59:52 | 000,031,512 | ---- | C] () -- C:\Users\uwe\Desktop\Desktop_.zip [2011.11.21 21:46:14 | 000,225,255 | ---- | C] () -- C:\Windows\hpoins43.dat [2011.07.29 07:02:40 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2011.07.21 21:56:44 | 000,000,080 | RHS- | C] () -- C:\Windows\ICLET30.BIN [2011.07.21 21:50:21 | 000,000,080 | RHS- | C] () -- C:\Windows\CT5SEET.BIN [2011.07.21 21:47:20 | 000,559,104 | ---- | C] () -- C:\Windows\lame.exe [2011.07.21 21:47:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.07.21 21:47:20 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mp3gain.exe [2011.07.21 21:47:20 | 000,079,360 | ---- | C] () -- C:\Windows\mp3gain.exe [2011.07.17 22:21:44 | 000,000,281 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\Network Meter_Settings.ini [2011.07.10 21:10:37 | 000,001,207 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2011.07.10 21:09:48 | 000,000,141 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011.07.10 21:09:48 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011.07.10 21:09:47 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2011.07.10 21:09:47 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2011.07.10 21:09:46 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2011.05.01 12:06:25 | 000,000,000 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\.NANotifyHere [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.13 08:53:23 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.13 08:53:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.11.24 20:30:44 | 000,000,133 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.23 13:06:21 | 000,007,619 | ---- | C] () -- C:\Users\uwe\AppData\Local\Resmon.ResmonCfg [2010.11.11 16:37:53 | 000,001,134 | ---- | C] () -- C:\Windows\disney.ini [2010.11.11 16:36:24 | 000,000,207 | ---- | C] () -- C:\Windows\disneysy.ini [2010.07.07 15:31:24 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2010.07.07 15:31:24 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2010.05.01 20:34:56 | 000,033,134 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\UserTile.png [2010.04.24 21:06:21 | 000,021,504 | ---- | C] () -- C:\Users\uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.14 17:04:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.11 11:18:22 | 000,012,893 | ---- | C] () -- C:\Windows\Q-Dir.ini [2010.03.11 11:12:15 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2010.03.11 11:12:15 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2010.03.11 10:30:58 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll < End of report > und die extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.03.2012 10:04:12 - Run 7
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\uwe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,99 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,32% Memory free
15,98 Gb Paging File | 13,80 Gb Available in Paging File | 86,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 60,67 Gb Free Space | 30,34% Space Free | Partition Type: NTFS
Drive D: | 500,00 Gb Total Space | 50,04 Gb Free Space | 10,01% Space Free | Partition Type: NTFS
Drive E: | 400,00 Gb Total Space | 127,86 Gb Free Space | 31,97% Space Free | Partition Type: NTFS
Drive F: | 162,80 Gb Total Space | 64,76 Gb Free Space | 39,78% Space Free | Partition Type: NTFS
Computer Name: ATHOS | User Name: uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\browser\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\tools\multimedia\grafik\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Folderico] -- D:\tools\filesystem\Folderico\Folderico.exe "%1" (Shedko software)
Directory [PlayWithVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Touch_It] -- "C:\Program Files (x86)\MicroTools4U\Touch It\Touch It.exe" "%l" (Kovalev'S.oftware)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\tools\multimedia\grafik\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Folderico] -- D:\tools\filesystem\Folderico\Folderico.exe "%1" (Shedko software)
Directory [PlayWithVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Touch_It] -- "C:\Program Files (x86)\MicroTools4U\Touch It\Touch It.exe" "%l" (Kovalev'S.oftware)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E7253AF-1DAB-4589-8F75-AC3B55450245}" = Streaming Media Recorder
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.6.4 x64
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8118019-96B5-42FB-9A45-5D82D1CB62EE}" = AxCrypt 1.7.2867.0
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1140
"HardlinkShellExt" = Link Shell Extension
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"TeraCopy_is1" = TeraCopy 2.1
"Unlocker" = Unlocker 1.9.1-x64
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{083C54E1-22E9-415F-9CB8-3A8A31905305}" = ACDSee 6.0 Standard
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18AE8ACB-0419-45F6-9CF6-155E128A4BCE}_is1" = GD WinTools.net 8.1 Ultimate
"{1A1443D7-7A4E-51EC-B41D-EB84114ED943}" = DVD2AVI Ripper Professional v3.4.0.81
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{29D8415B-F561-4A73-9C9A-29C8A1473BC9}" = Zamzom
"{2A87B210-5672-421E-AD15-B8DF44D78691}" = Garmin City Navigator Europe NT 2011.40 Update
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55658640-23F2-4F69-89DE-012713536025}" = S4 League_EU
"{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5F6FCADA-5E8A-4FB2-997D-9AFCAB0EF520}" = Synching Thunder
"{603D5FB8-3605-48AC-B1B7-16A5401FD105}" = FoxAnalysis
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6419ED85-0F56-473E-9C65-5BFCA43402C0}" = VMXWizard beta
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4k, 2010.10.29
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE)
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D5F9921-3756-4397-917C-9FB912CA2287}_is1" = concept/design music2go 2
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}" = Greenfoot
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter
"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe
"{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor 1.6
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B9303204-1369-4B15-B749-EFFBC0658466}" = Clipboard Master
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED3D71CC-9F3B-4AC5-9E55-AB915EBC0BEB}" = HDD Temperature v.4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F23D156D-5542-48C2-88A0-C99CB8151354}" = Jalbum
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"AAA Photo Album_is1" = AAA Photo Album 2.10
"Advanced CSV Converter" = Advanced CSV Converter 2.65
"Advanced Registry Tracer" = Advanced Registry Tracer
"Advanced XML Converter" = Advanced XML Converter 2.31
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"Akamai" = Akamai NetSession Interface
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"Android SDK Tools" = Android SDK Tools
"Ant Renamer 2_is1" = Ant Renamer
"Any Video Converter_is1" = Any Video Converter 3.2.3
"Aptana Studio 3" = Aptana Studio 3
"Artisteer 2" = Artisteer 2
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"bitRipper" = bitRipper
"CHK-Mate_is1" = DIY DataRecovery CHK-Mate
"Clipboard Master" = Clipboard Master 1.2.0
"CSMFYUV" = CSMX AVI lossless video codec (Remove Only)
"DDR - Removable Media(Demo)" = DDR - Removable Media(Demo) 4.0.1.6
"Ditto_is1" = Ditto 3.17.0.17
"DivX2Mp4_is1" = DivX2Mp4 version 1.7.0.1
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"Ema Personal Wiki" = Ema Personal Wiki
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.4.0
"Folderico" = Folderico 4.0 RC11
"Foxit Reader" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"GameSpy Arcade" = GameSpy Arcade
"GOM Player" = GOM Player
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HTMLPad 2010_is1" = HTMLPad 2010 v10.1
"InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2:*Die neuen Abenteuer
"InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"IrfanView" = IrfanView (remove only)
"Kindersicherung_is1" = Kindersicherung 2011
"LAN-Explorer" = LAN-Explorer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MPE" = MyPhoneExplorer
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"PhotoResampling_is1" = PhotoResampling 9.2
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.1
"Project Eden" = Project Eden deinstallieren
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPVideoExpress" = PSP Video Express(remove only)
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Samsung ML-1710 Series" = Samsung ML-1710 Series
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"Secure Eraser_is1" = Secure Eraser v3.1
"ShapeCollage" = Shape Collage
"SpeedFan" = SpeedFan (remove only)
"SPlayer" = SPlayer
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"SumatraPDF" = SumatraPDF
"Tarr Chronicles_is1" = Tarr Chronicles
"TreeSize Free_is1" = TreeSize Free V2.5
"TrueCrypt" = TrueCrypt
"UltraSearch_is1" = UltraSearch V1.5
"VLC media player" = VLC media player 2.0.0
"VobSub" = VobSub v2.23 (Remove Only)
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"Xfire" = Xfire (remove only)
"XMind" = XMind
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Zattoo" = Zattoo 3.3.4 Beta
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{89F1F896-7C24-4441-A166-89A1400F52C1}_is1" = WAC SDK 1.0
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"Google Chrome" = Google Chrome
"Napkin Look and Feel Demo" = Napkin Look and Feel Demo
"Touch It" = Touch It
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.03.2012 09:51:11 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 09:51:13 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 09:51:15 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 09:51:25 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 09:51:26 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 09:53:01 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 09:53:03 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 21:35:59 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 21:37:37 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "d:\download\tools\security\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 06.03.2012 21:37:40 | Computer Name = athos | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\uwe\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 06.03.2012 04:14:38 | Computer Name = athos | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 06.03.2012 04:14:38 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 07.03.2012 03:23:30 | Computer Name = athos | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error - 07.03.2012 03:23:30 | Computer Name = athos | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error - 07.03.2012 04:50:54 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 07.03.2012 04:51:05 | Computer Name = athos | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 07.03.2012 04:51:05 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 07.03.2012 04:59:23 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 07.03.2012 04:59:35 | Computer Name = athos | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 07.03.2012 04:59:35 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
< End of report >
VG, robibor. |
|
07.03.2012, 10:18
| #20 |
| | SystemCheck - falsches Tools - Virus oder Malware?? Hallo, hier die Logfiles. VG, robibor. |
|
07.03.2012, 10:35
| #21 | ||
| /// Malwareteam | SystemCheck - falsches Tools - Virus oder Malware??Zitat:
 OTL-Fix
Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
:files
E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack
:Commands
[emptytemp]
__________________ --> SystemCheck - falsches Tools - Virus oder Malware?? Geändert von Psychotic (07.03.2012 um 11:04 Uhr) |
|
07.03.2012, 11:08
| #22 |
| | SystemCheck - falsches Tools - Virus oder Malware?? Hallo, habe es gelesen und auch gelöscht. hier das log: All processes killed ========== OTL ========== Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" removed from browser.search.defaulturl Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL ========== FILES ========== E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack\PWDUMP folder moved successfully. E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack\NTCRACK folder moved successfully. E:\tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NT-Crack folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: AppData ->Temp folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: frauke ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: ggehrau ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: mathis ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: ugehrau ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: uwe ->Temp folder emptied: 356762 bytes ->Temporary Internet Files folder emptied: 38149 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 35972936 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4189 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 35,00 mb OTL by OldTimer - Version 3.2.35.1 log created on 03072012_110238 Files\Folders moved on Reboot... C:\Users\uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... VG, robibor. |
|
07.03.2012, 11:17
| #23 |
| /// Malwareteam | SystemCheck - falsches Tools - Virus oder Malware?? Sieht gut aus... Mach noch die beiden Scans zur Kontrolle! Schritt 1: MBAM Downloade Dir bitte Malwarebytes
Schritt 2: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
08.03.2012, 18:15
| #24 |
| | SystemCheck - falsches Tools - Virus oder Malware?? HAllo, hier das MBAM Log: Malwarebytes Anti-Malware (Test) 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.03.07.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ***** :: ATHOS [Administrator] Schutz: Deaktiviert 07.03.2012 11:38:17 mbam-log-2012-03-07 (11-38-17).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1610716 Laufzeit: 3 Stunde(n), 22 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 D:\download\tools\filesystem\red_folders_setup.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\download\tools\filesystem\Red Folders Desktop Organizer\red_folders_setup.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\personen\*****\sticks\toshiba_20091005\uwg\Adobe.Photoshop.Lightroom.2008.PC\Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und das eset Log: C:\Program Files (x86)\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application C:\temp\backup.zip Win32/Adware.ADON application C:\Users\******\Downloads\SoftonicDownloader38341.exe a variant of Win32/SoftonicDownloader.A application C:\Users\******\Documents\Downloads\SoftonicDownloader_fuer_battlefield-2.exe a variant of Win32/SoftonicDownloader.A application C:\Users\******\Downloads\ibario.exe a variant of Win32/SweetIM.B application C:\_OTL\MovedFiles\03072012_095731\C_Users\******\Desktop\MyBabylonTB.exe Win32/Toolbar.Babylon application C:\_OTL\MovedFiles\03072012_095731\C_Users\******\Desktop\Top Secret\MyBabylonTB[1].exe Win32/Toolbar.Babylon application C:\_OTL\MovedFiles\03072012_095731\D_download\tools\multimedia\video\Setup_FreeBurner.exe multiple threats C:\_OTL\MovedFiles\03072012_095731\D_download\tools\multimedia\video\Setup_FreeFlvConverter698.exe multiple threats C:\_OTL\MovedFiles\03072012_095731\E_tranfer\alter_Rechner\backups\portos\2003_2004\laufwerk_i\NT_Tools_Tricks\NTCRACK.ZIP probably a variant of Win32/Hacktool.Agent.FVLPPJP trojan C:\_OTL\MovedFiles\03072012_095731\E_tranfer\alter_Rechner\backups\portos\Backup_alter_rechner\transfair\marko.zip a variant of Win32/Adware.Ezula application C:\_OTL\MovedFiles\03072012_095731\E_tranfer\alter_Rechner\eigeneDateien\Bilder\stickoma\AUTORUN.INF Win32/AutoRun.GD worm D:\cd\pc_mag_201109\interface\contents\youtubepaket_18560\49480\files\Setup_FreeFlvConverter.exe a variant of Win32/Toolbar.Widgi application D:\download\tools\filesystem\Unlocker1.9.1-x64.exe Win32/Adware.ADON application D:\download\tools\multimedia\SoftonicDownloader_fuer_clonedvd.exe Win32/SoftonicDownloader.C application D:\download\tools\multimedia\audio\freeripmp3-setup.exe Win32/Adware.ADON application D:\tools\multimedia\video\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application E:\******_2010.zip a variant of Win32/SoftonicDownloader.A application E:\personen\******\sticks\******_vom_stick\download\tools\pdf\SoftonicDownloader38341.exe a variant of Win32/SoftonicDownloader.A application E:\tranfer\alter_Rechner\lost_and_found\lw_c_20091107\Dokumente und Einstellungen\******\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\4hlwm20q.default\Cache\29024463d01 Win32/RegistryBooster application E:\tranfer\bilder\stickoma\AUTORUN.INF Win32/AutoRun.GD worm VG, robibor |
|
08.03.2012, 18:33
| #25 | |
| /// Malwareteam | SystemCheck - falsches Tools - Virus oder Malware??Zitat:
Alleine der Besuch auf Seiten, welche diese Dateien zum Download anbieten, beinhaltet ein hohes Risiko sich zu infizieren. Wenn Du den Crack startest, startest du eine ausführbare Datei aus einer sehr dubiosen Quelle. Im Quellcode der Datei kann alles mögliche stehen. ( z.B downloaden und ausführen von Malware Dateien ) Dies ist einer der Hauptgründe wie man sich infiziert. Ausserdem sind Cracks usw illegal und das ist genauso Diebstahl wie in einem Laden. Darum haben wir uns darauf geeinigt, Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Deshalb beschränkt sich unsere Hilfe für dich auf eine Anleitung zur Neuinstallation und Absicherung des Systems __________________
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu SystemCheck - falsches Tools - Virus oder Malware?? |
| falsches, fehler, festplatte, malware, malware?, melde, meldet, platte, ram, schädling, systemcheck, tools, troja, virus, virus oder malware |
Textbox.
Linear-Darstellung
