Pests of all kinds and how to fight them: SystemCheck - fake tool - virus or malware?? (Windows 7)
01.03.2012, 09:41 | #1 |
| Hello Trojaner-Board team, I have caught a piece of malware. It presents itself as Systemcheck. It claims that there are errors with the RAM and the hard disk. Can you help? Regards, Robibor Edited by robibor (01.03.2012 at 10:25) |
01.03.2012, 11:23 | #2 |
| Hello, the Task Manager won't open either. When you run msconfig, the two files (pEmGJfPLIOhOo.exe and mZ49sP985las5s.exe) appear in the system startup list. I have disabled the setting. I was able to rename the files pEmGJfPLIOhOo.exe and mZ49sP985las5s.exe in the directory C:\ProgramData and delete them after the reboot. The messages about system problems are currently not being displayed. The list of programs in the taskbar is not displayed (any more). I scanned the system with Malwarebytes and was able to remove the infections. I am sending along a current olt.txt once more. Maybe there is still something hiding. Regards, Robibor Edited by robibor (01.03.2012 at 11:42) |
05.03.2012, 09:26 | #3 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: Start all tools with a right-click and "Run as administrator".
Step 1: Defogger. Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button unless instructed.
Step 2: Scan with aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop |
05.03.2012, 11:05 | #4 |
| Hello Marius, here is the aswMBR.txt. Can I already run the TDSS-Killer? Regards, robibor Sorry.
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 10:40:21
-----------------------------
10:40:21.080 OS Version: Windows x64 6.1.7601 Service Pack 1
10:40:21.080 Number of processors: 4 586 0x402
10:40:21.080 ComputerName: ATHOS UserName: uwe
10:40:21.595 Initialize success
10:42:01.676 AVAST engine defs: 12030500
10:42:10.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000090
10:42:10.459 Disk 0 Vendor: AMD_____ 1.10 Size: 1907611MB BusType: 8
10:42:10.475 Disk 0 MBR read successfully
10:42:10.475 Disk 0 MBR scan
10:42:10.475 Disk 0 Windows 7 default MBR code
10:42:10.490 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:42:10.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 204798 MB offset 206848
10:42:10.506 Disk 0 Partition - 00 0F Extended LBA 1088310 MB offset 1677926400
10:42:10.522 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 512000 MB offset 1677928448
10:42:10.522 Disk 0 Partition - 00 05 Extended 409601 MB offset 2726504448
10:42:10.553 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 409600 MB offset 2726506496
10:42:10.553 Disk 0 Partition - 00 05 Extended 166708 MB offset 4613945344
10:42:10.568 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 166707 MB offset 3565369344
10:42:10.678 Disk 0 scanning C:\Windows\system32\drivers
10:42:32.034 Service scanning
10:43:02.454 Modules scanning
10:43:02.454 Disk 0 trace - called modules:
10:43:02.485 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll amdsbs.sys
10:43:02.501 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800816a060]
10:43:02.501 3 CLASSPNP.SYS[fffff8800144243f] -> nt!IofCallDriver -> [0xfffffa8007111e40]
10:43:02.501 5 ACPI.sys[fffff88000f237a1] -> nt!IofCallDriver -> \Device\00000090[0xfffffa800710a060]
10:43:03.250 AVAST engine scan C:\Windows
10:43:10.285 AVAST engine scan C:\Windows\system32
10:48:34.095 AVAST engine scan C:\Windows\system32\drivers
10:48:53.065 AVAST engine scan C:\Users\uwe
10:49:39.834 File: C:\Users\uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23TT1W18\3[1].exe **INFECTED** Win32:Sirefef-OW [Trj]
10:54:13.528 AVAST engine scan C:\ProgramData
11:01:40.281 Scan finished successfully
11:02:08.016 Disk 0 MBR has been saved successfully to "C:\Users\uwe\Desktop\MBR.dat"
11:02:08.021 The log file has been saved successfully to "C:\Users\uwe\Desktop\aswMBR.txt"
Edited by robibor (05.03.2012 at 11:23) |
05.03.2012, 11:27 | #5 |
/// Malwareteam | Hello Uwe, yes, always work through all the points before you reply!
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
05.03.2012, 11:29 | #6 |
| Hello Marius, here is the result from TDSS-Killer. Regards, robibor
11:26:26.0197 1212 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
11:26:26.0323 1212 ============================================================
11:26:26.0323 1212 Current date / time: 2012/03/05 11:26:26.0323
11:26:26.0324 1212 SystemInfo:
11:26:26.0324 1212
11:26:26.0324 1212 OS Version: 6.1.7601 ServicePack: 1.0
11:26:26.0324 1212 Product type: Workstation
11:26:26.0324 1212 ComputerName: ATHOS
11:26:26.0324 1212 UserName: uwe
11:26:26.0324 1212 Windows directory: C:\Windows
11:26:26.0324 1212 System windows directory: C:\Windows
11:26:26.0324 1212 Running under WOW64
11:26:26.0324 1212 Processor architecture: Intel x64
11:26:26.0324 1212 Number of processors: 4
11:26:26.0324 1212 Page size: 0x1000
11:26:26.0324 1212 Boot type: Normal boot
11:26:26.0324 1212 ============================================================
11:26:27.0175 1212 Drive \Device\Harddisk0\DR0 - Size: 0x1D1B9B60000 (1862.90 Gb), SectorSize: 0x200, Cylinders: 0x3B5F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:26:27.0216 1212 \Device\Harddisk0\DR0:
11:26:27.0216 1212 MBR used
11:26:27.0216 1212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:26:27.0216 1212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x18FFF2C9
11:26:27.0232 1212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64032800, BlocksNum 0x3E800000
11:26:27.0249 1212 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA2833000, BlocksNum 0x32000000
11:26:27.0263 1212 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xD4833800, BlocksNum 0x14599800
11:26:27.0424 1212 Initialize success
11:26:27.0424 1212 ============================================================
11:26:32.0937 4612 ============================================================
11:26:32.0937 4612 Scan started
snapman - ok 11:26:41.0352 4612 speedfan - ok 11:26:41.0371 4612 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:26:41.0371 4612 spldr - ok 11:26:41.0417 4612 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys 11:26:41.0424 4612 sptd - ok 11:26:41.0458 4612 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:26:41.0462 4612 srv - ok 11:26:41.0487 4612 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:26:41.0491 4612 srv2 - ok 11:26:41.0509 4612 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:26:41.0510 4612 srvnet - ok 11:26:41.0553 4612 ssadbus (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys 11:26:41.0557 4612 ssadbus - ok 11:26:41.0580 4612 ssadmdfl (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys 11:26:41.0582 4612 ssadmdfl - ok 11:26:41.0605 4612 ssadmdm (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys 11:26:41.0606 4612 ssadmdm - ok 11:26:41.0619 4612 ssadserd (5eb7da2f72b90c8398df9d7a82e43fcb) C:\Windows\system32\DRIVERS\ssadserd.sys 11:26:41.0620 4612 ssadserd - ok 11:26:41.0656 4612 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys 11:26:41.0657 4612 SSPORT - ok 11:26:41.0668 4612 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 11:26:41.0669 4612 stexstor - ok 11:26:41.0685 4612 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 11:26:41.0685 4612 storflt - ok 11:26:41.0702 4612 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 11:26:41.0703 4612 storvsc - ok 11:26:41.0722 4612 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:26:41.0723 4612 swenum - ok 11:26:41.0730 4612 Synth3dVsc - ok 11:26:41.0791 4612 Tcpip (fc62769e7bff2896035aeed399108162) 
C:\Windows\system32\drivers\tcpip.sys 11:26:41.0807 4612 Tcpip - ok 11:26:41.0834 4612 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 11:26:41.0842 4612 TCPIP6 - ok 11:26:41.0863 4612 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:26:41.0864 4612 tcpipreg - ok 11:26:41.0892 4612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:26:41.0894 4612 TDPIPE - ok 11:26:41.0958 4612 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys 11:26:41.0973 4612 tdrpman258 - ok 11:26:41.0989 4612 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 11:26:41.0990 4612 TDTCP - ok 11:26:42.0013 4612 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:26:42.0014 4612 tdx - ok 11:26:42.0030 4612 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 11:26:42.0031 4612 TermDD - ok 11:26:42.0059 4612 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys 11:26:42.0060 4612 TFsExDisk - ok 11:26:42.0086 4612 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys 11:26:42.0094 4612 timounter - ok 11:26:42.0103 4612 truecrypt - ok 11:26:42.0133 4612 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:26:42.0134 4612 tssecsrv - ok 11:26:42.0147 4612 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:26:42.0149 4612 TsUsbFlt - ok 11:26:42.0154 4612 tsusbhub - ok 11:26:42.0189 4612 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:26:42.0191 4612 tunnel - ok 11:26:42.0208 4612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:26:42.0209 4612 uagp35 - ok 11:26:42.0235 4612 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:26:42.0242 4612 udfs - ok 
11:26:42.0283 4612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:26:42.0284 4612 uliagpkx - ok 11:26:42.0312 4612 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 11:26:42.0312 4612 umbus - ok 11:26:42.0328 4612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 11:26:42.0328 4612 UmPass - ok 11:26:42.0350 4612 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 11:26:42.0351 4612 usbaudio - ok 11:26:42.0376 4612 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 11:26:42.0390 4612 usbccgp - ok 11:26:42.0442 4612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:26:42.0443 4612 usbcir - ok 11:26:42.0469 4612 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 11:26:42.0470 4612 usbehci - ok 11:26:42.0543 4612 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 11:26:42.0550 4612 usbhub - ok 11:26:42.0589 4612 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 11:26:42.0591 4612 usbohci - ok 11:26:42.0607 4612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 11:26:42.0608 4612 usbprint - ok 11:26:42.0643 4612 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 11:26:42.0645 4612 usbscan - ok 11:26:42.0669 4612 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:26:42.0671 4612 USBSTOR - ok 11:26:42.0693 4612 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 11:26:42.0694 4612 usbuhci - ok 11:26:42.0721 4612 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 11:26:42.0723 4612 usb_rndisx - ok 11:26:42.0766 4612 VComm (b9b0a0b9232a51bbde9f28ca41716d61) C:\Windows\system32\DRIVERS\VComm.sys 11:26:42.0767 4612 VComm 
- ok 11:26:42.0797 4612 VcommMgr (f1b2d9ac422f8b72bf417c8d77c85a3b) C:\Windows\system32\Drivers\VcommMgr.sys 11:26:42.0798 4612 VcommMgr - ok 11:26:42.0812 4612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 11:26:42.0814 4612 vdrvroot - ok 11:26:42.0840 4612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:26:42.0842 4612 vga - ok 11:26:42.0864 4612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:26:42.0866 4612 VgaSave - ok 11:26:42.0885 4612 VGPU - ok 11:26:42.0913 4612 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 11:26:42.0918 4612 vhdmp - ok 11:26:42.0938 4612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 11:26:42.0939 4612 viaide - ok 11:26:42.0956 4612 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 11:26:42.0958 4612 vmbus - ok 11:26:42.0974 4612 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 11:26:42.0975 4612 VMBusHID - ok 11:26:43.0014 4612 vmci (69f38919ff1510560d67f9a0b2375b01) C:\Windows\system32\drivers\vmci.sys 11:26:43.0015 4612 vmci - ok 11:26:43.0034 4612 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys 11:26:43.0034 4612 VMnetAdapter - ok 11:26:43.0074 4612 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys 11:26:43.0075 4612 VMnetBridge - ok 11:26:43.0122 4612 VMnetuserif (ea48bef5bc53d6cb5fec8f9be088b337) C:\Windows\system32\drivers\vmnetuserif.sys 11:26:43.0125 4612 VMnetuserif - ok 11:26:43.0150 4612 VMparport (53b7f021f489649fe30733913fa4f3fc) C:\Windows\system32\drivers\VMparport.sys 11:26:43.0152 4612 VMparport - ok 11:26:43.0211 4612 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 11:26:43.0212 4612 volmgr - ok 11:26:43.0234 4612 volmgrx (a255814907c89be58b79ef2f189b843b) 
C:\Windows\system32\drivers\volmgrx.sys 11:26:43.0237 4612 volmgrx - ok 11:26:43.0255 4612 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 11:26:43.0257 4612 volsnap - ok 11:26:43.0272 4612 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys 11:26:43.0274 4612 vpcbus - ok 11:26:43.0288 4612 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys 11:26:43.0289 4612 vpcnfltr - ok 11:26:43.0310 4612 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys 11:26:43.0311 4612 vpcusb - ok 11:26:43.0349 4612 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys 11:26:43.0356 4612 vpcvmm - ok 11:26:43.0394 4612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 11:26:43.0398 4612 vsmraid - ok 11:26:43.0496 4612 vstor2-mntapi10 (e755434912834b96b77a58867acaf279) D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys 11:26:43.0498 4612 vstor2-mntapi10 - ok 11:26:43.0508 4612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 11:26:43.0510 4612 vwifibus - ok 11:26:43.0529 4612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 11:26:43.0530 4612 WacomPen - ok 11:26:43.0576 4612 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:26:43.0579 4612 WANARP - ok 11:26:43.0586 4612 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:26:43.0589 4612 Wanarpv6 - ok 11:26:43.0624 4612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 11:26:43.0625 4612 Wd - ok 11:26:43.0649 4612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:26:43.0655 4612 Wdf01000 - ok 11:26:43.0686 4612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:26:43.0687 4612 WfpLwf - ok 
11:26:43.0705 4612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:26:43.0706 4612 WIMMount - ok 11:26:43.0771 4612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 11:26:43.0771 4612 WmiAcpi - ok 11:26:43.0798 4612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:26:43.0798 4612 ws2ifsl - ok 11:26:43.0832 4612 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 11:26:43.0833 4612 WudfPf - ok 11:26:43.0853 4612 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:26:43.0855 4612 WUDFRd - ok 11:26:43.0936 4612 X6va005 - ok 11:26:43.0966 4612 X6va006 - ok 11:26:44.0009 4612 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 11:26:44.0053 4612 \Device\Harddisk0\DR0 - ok 11:26:44.0056 4612 Boot (0x1200) (1fe89318b417ead26e3867eb8d47b7f9) \Device\Harddisk0\DR0\Partition0 11:26:44.0057 4612 \Device\Harddisk0\DR0\Partition0 - ok 11:26:44.0064 4612 Boot (0x1200) (a3813defb94f524cc52d9d243cbb7593) \Device\Harddisk0\DR0\Partition1 11:26:44.0065 4612 \Device\Harddisk0\DR0\Partition1 - ok 11:26:44.0079 4612 Boot (0x1200) (0b6f2c743b70167daef7b258f61f72f2) \Device\Harddisk0\DR0\Partition2 11:26:44.0080 4612 \Device\Harddisk0\DR0\Partition2 - ok 11:26:44.0094 4612 Boot (0x1200) (93faec31df714ce9c44a49eaf76e2c79) \Device\Harddisk0\DR0\Partition3 11:26:44.0095 4612 \Device\Harddisk0\DR0\Partition3 - ok 11:26:44.0112 4612 Boot (0x1200) (c986a3428c21cdba370e8072651a2967) \Device\Harddisk0\DR0\Partition4 11:26:44.0112 4612 \Device\Harddisk0\DR0\Partition4 - ok 11:26:44.0113 4612 ============================================================ 11:26:44.0113 4612 Scan finished 11:26:44.0113 4612 ============================================================ 11:26:44.0121 4560 Detected object count: 0 11:26:44.0121 4560 Actual detected object count: 0 11:27:18.0656 3108 Deinitialize success |
05.03.2012, 11:30 | #7 | |
/// Malwareteam | SystemCheck - fake tool - virus or malware?? Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
05.03.2012, 12:46 | #8 |
| SystemCheck - fake tool - virus or malware?? Hello Marius, the Combofix log. Regards, robibor Combofix log file: Code:
ComboFix 12-03-04.02 - uwe 05.03.2012 11:58:40.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8183.5084 [GMT 1:00]
ausgeführt von:: c:\users\uwe\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\umon.exe
c:\users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\uwe\SetupCloneDVD_2.9.3.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\tmp\U
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015Core.job - c:\users\ggehrau\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 09:32] . 2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015UA.job - c:\users\ggehrau\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 09:32] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2010-01-30 13:45 259072 ----a-w- d:\tools\system\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2010-01-30 13:45 259072 ----a-w- d:\tools\system\LinkShellExtension\HardlinkShellExt.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.babylon.com/home?AF=15627 uInternet Settings,ProxyOverride = *.local IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll LSP: d:\tools\virtualisierung\vmware\VMware Server\vsocklib.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} FF - ProfilePath - c:\users\uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dxmcai45.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - file:///E:/Liste-Server/listeserver1.html FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-DivX2Mp4_is1 - d:\tools\multimedia\video\DivX2Mp4\unins000.exe AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe AddRemove-Project Eden - c:\windows\IsUn0407.exe AddRemove-{6B34251B-AB68-4b47-AA5E-09B50EFE41A0} - d:\spiele\Battlefield Heroes-Dateien\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\ugehrau\AppData\Local\Temp\0059563.tmp" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\ugehrau\AppData\Local\Temp\00649DF.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,75,4f,76,7c,11,2e,48,93,24,07,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,75,4f,76,7c,11,2e,48,93,24,07,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . d:\tools\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe c:\windows\SysWOW64\cchservice.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-05 12:24:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-05 11:24 ComboFix2.txt 2012-02-14 12:24 . 
Vor Suchlauf: 21 Verzeichnis(se), 67.757.109.248 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 68.544.040.960 Bytes frei . - - End Of File - - 43F3C06D0648245D75B41957FF6B1A70 |
05.03.2012, 14:40 | #9 |
/// Malwareteam | SystemCheck - fake tool - virus or malware??
Step 1: Uninstall software
Click Start --> Control Panel and choose Programs and Features. Find and uninstall the following software:
Code:
Conduit engine
Babylon toolbar
Kikin
Ask toolbar
Winload toolbar
Step 2: CF-Script
Note for readers following along: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances apply it on other machines; it can cause lasting damage to other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)!
Press the Windows + R keys --> Notepad (type it in) --> OK
Now copy the complete text from the following code box into the empty text document.
Code:
DirLook::
c:\users\uwe\AppData\Roaming\Amkaa
Important:
Step 3: New OTL log
Please download OTL by Oldtimer and save it to your desktop (if not already present)
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! Last edited by Psychotic (05.03.2012 at 14:47) |
05.03.2012, 15:30 | #10 |
| SystemCheck - fake tool - virus or malware?? Hello Marius, ComboFix log file: Code:
ATTFilter ComboFix 12-03-04.02 - uwe 05.03.2012 14:54:14.3.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8183.6180 [GMT 1:00] ausgeführt von:: c:\users\uwe\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\uwe\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Network\umon.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-05 bis 2012-03-05 )))))))))))))))))))))))))))))) . . 2012-03-05 14:03 . 2012-03-05 14:03 -------- d-----w- c:\users\ugehrau\AppData\Local\temp 2012-03-05 14:03 . 2012-03-05 14:03 -------- d-----w- c:\users\mathis\AppData\Local\temp 2012-03-05 14:03 . 2012-03-05 14:03 -------- d-----w- c:\users\ggehrau\AppData\Local\temp 2012-03-05 14:03 . 2012-03-05 14:03 -------- d-----w- c:\users\frauke\AppData\Local\temp 2012-03-05 14:03 . 2012-03-05 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-05 14:03 . 2012-03-05 14:03 -------- d-----w- c:\users\admin\AppData\Local\temp 2012-03-04 10:23 . 2012-03-04 10:23 -------- d-----w- c:\users\ugehrau\AppData\Local\Aspyr 2012-03-01 08:17 . 2012-03-01 08:17 -------- d-----w- c:\users\uwe\AppData\Roaming\Malwarebytes 2012-03-01 08:17 . 2012-03-01 08:17 -------- d-----w- c:\programdata\Malwarebytes 2012-03-01 08:17 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-29 16:39 . 2012-02-29 16:39 -------- d-----w- c:\users\uwe\AppData\Roaming\ACD Systems 2012-02-28 11:26 . 2012-02-28 11:29 -------- d-----w- c:\users\uwe\AppData\Roaming\Mp3tag 2012-02-25 22:00 . 2012-02-25 22:00 -------- d-----w- c:\programdata\ACD Systems 2012-02-25 22:00 . 
2012-02-25 22:00 -------- d-----w- c:\program files (x86)\Common Files\ACD Systems 2012-02-25 09:05 . 2012-02-25 14:31 -------- d-----w- c:\users\uwe\AppData\Roaming\Amkaa 2012-02-24 23:09 . 2012-02-26 16:58 -------- d-----w- c:\users\uwe\AppData\Roaming\MyPhoneExplorer 2012-02-24 07:46 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3D88983-0AD7-4114-9246-D15ACCD16662}\mpengine.dll 2012-02-20 20:40 . 2012-02-20 20:40 -------- d-----w- c:\users\ggehrau\AppData\Local\Adobe 2012-02-20 19:16 . 2012-02-20 19:16 -------- d-----w- c:\users\frauke\AppData\Local\Adobe 2012-02-20 07:27 . 2012-02-20 07:27 -------- d-----w- c:\users\uwe\AppData\Local\Adobe 2012-02-20 07:26 . 2012-02-20 07:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-02-19 11:10 . 2012-02-19 11:10 -------- d-----w- c:\users\frauke\AppData\Roaming\Apple Computer 2012-02-17 13:41 . 2012-02-17 13:42 54 ----a-w- c:\users\uwe\goandroid.bat 2012-02-17 10:12 . 2012-02-17 10:12 -------- d-----w- c:\users\mathis\AppData\Roaming\Apple Computer 2012-02-16 19:59 . 2012-02-16 19:59 -------- d-----w- c:\users\ggehrau\AppData\Roaming\Apple Computer 2012-02-16 14:48 . 2012-02-16 14:48 -------- d-----w- c:\users\ugehrau\AppData\Roaming\Apple Computer 2012-02-16 12:43 . 2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll 2012-02-16 12:43 . 2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll 2012-02-16 12:43 . 2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll 2012-02-16 12:43 . 2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll 2012-02-16 12:43 . 2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll 2012-02-16 12:43 . 
2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll 2012-02-16 12:43 . 2012-02-16 12:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll 2012-02-16 12:42 . 2012-02-16 12:43 -------- d-----w- c:\program files (x86)\QuickTime 2012-02-16 12:42 . 2012-02-16 12:42 -------- d-----w- c:\programdata\Apple Computer 2012-02-16 11:27 . 2012-02-16 11:27 -------- d-----w- C:\glassfish3 2012-02-16 11:22 . 2012-02-16 11:23 -------- d-----w- c:\program files\Oracle 2012-02-16 11:22 . 2012-01-10 12:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-02-15 07:01 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 07:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-15 07:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 07:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-15 07:01 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 07:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-15 07:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 07:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-14 11:02 . 2012-02-14 11:02 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-02-12 19:22 . 2012-02-19 14:00 -------- d-----w- c:\users\frauke\AppData\Roaming\ExpressFiles 2012-02-12 09:28 . 2012-03-01 12:46 -------- d-----w- c:\users\uwe\.dvdcss 2012-02-12 09:28 . 2012-02-12 09:28 -------- d-----w- c:\users\uwe\AppData\Local\MPlayer 2012-02-11 17:06 . 2012-02-22 06:18 -------- d-----w- c:\users\ggehrau\AppData\Roaming\ExpressFiles 2012-02-11 13:23 . 2012-02-20 17:36 -------- d-----w- c:\users\ugehrau\AppData\Roaming\ExpressFiles 2012-02-11 13:21 . 2012-02-11 13:21 -------- d-----w- c:\users\ugehrau\AppData\Local\ElevatedDiagnostics 2012-02-11 07:34 . 
2012-02-20 17:44 -------- d-----w- c:\users\mathis\AppData\Roaming\ExpressFiles 2012-02-08 07:36 . 2012-02-08 07:36 -------- d-----w- c:\program files (x86)\Evoluent . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-04 09:45 . 2011-03-13 10:30 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-03-04 09:45 . 2011-03-13 07:53 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-02-29 16:37 . 2011-05-15 18:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-16 09:19 . 2011-03-13 07:53 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-01-29 04:10 . 2009-12-31 11:37 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-10 12:28 . 2011-04-21 15:43 660368 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-08 09:53 . 2011-03-13 07:53 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2009-04-30 05:45 36864 --sh--r- c:\windows\ShutDownApp\Cassia.dll 2011-04-09 23:23 121856 --sh--r- c:\windows\ShutDownApp\global.dll 2010-05-25 10:55 200704 --sh--r- c:\windows\ShutDownApp\ICSharpCode.SharpZipLib.dll 2010-10-26 13:03 119296 --sh--r- c:\windows\ShutDownApp\Microsoft.Win32.TaskScheduler.dll 2011-04-09 23:23 7168 --sh--r- c:\windows\ShutDownApp\sdasvc.exe 2011-04-09 23:23 19456 --sha-r- c:\windows\ShutDownApp\sdausr.exe 2011-04-09 23:23 91648 --sh--r- c:\windows\ShutDownApp\svc.dll 2010-04-18 12:34 904704 --sh--r- c:\windows\ShutDownApp\System.Data.SQLite.DLL 2011-05-19 20:22 99174 --sh--r- c:\windows\ShutDownApp\uninstall.exe 2011-02-04 03:00 13824 --sh--r- c:\windows\ShutDownApp\updater.exe . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\users\uwe\AppData\Roaming\Amkaa ---- . 2012-02-25 14:31 . 2012-03-01 08:41 322453 ----a-w- c:\users\uwe\AppData\Roaming\Amkaa\orkuh.efv 2010-07-05 20:10 . 2012-02-25 09:05 29257 ----a-w- c:\users\uwe\AppData\Roaming\Amkaa\orkuh.tmp . . 
((((((((((((((((((((((((((((( SnapShot@2012-03-05_11.10.42 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-11 20:55 . 2012-03-05 13:09 79814 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-03-05 09:37 36892 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-03-05 13:09 36892 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-12-31 14:58 . 2012-03-05 13:09 16842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4034204148-3353989843-4214094598-1001_UserData.bin + 2012-03-05 14:04 . 2012-03-05 14:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-05 11:09 . 2012-03-05 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-05 14:04 . 2012-03-05 14:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-03-05 11:09 . 2012-03-05 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-03-05 11:08 288644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-03-05 14:03 288644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-05 14:08 . 2009-07-13 23:15 4813180 c:\windows\SysWOW64\wdrv\wdrvbdb.bin - 2012-03-05 11:10 . 2009-07-13 23:15 4813180 c:\windows\SysWOW64\wdrv\wdrvbdb.bin - 2011-05-02 20:32 . 2012-03-05 11:08 2590398 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4034204148-3353989843-4214094598-1001-12288.dat + 2011-05-02 20:32 . 2012-03-05 13:04 2590398 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4034204148-3353989843-4214094598-1001-12288.dat - 2011-02-21 22:15 . 2012-03-05 11:08 22185528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4034204148-3353989843-4214094598-1001-8192.dat + 2011-02-21 22:15 . 
2012-03-05 14:03 22185528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4034204148-3353989843-4214094598-1001-8192.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Winload\prxtbWin0.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-08-23 20:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] 2011-03-23 15:12 931696 ----a-w- c:\program files (x86)\kikin\ie_kikin.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWin0.dll" [2011-01-17 175912] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 6017176] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "sdaumon"="c:\programdata\Microsoft\Network\umon.exe" [2011-04-09 19456] "ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5658776] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="d:\tools\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 6017176] . 
c:\users\frauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\ggehrau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] OpenOffice.org 3.3.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\mathis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] OpenOffice.org 3.3.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] Stardock ObjectDock.lnk - d:\tools\system\ObjectDock\ObjectDock.exe [2010-3-11 3450608] . c:\users\ugehrau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] OpenOffice.org 3.3.lnk - d:\tools\office\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoSecCpl"= 0 (0x0) "DisableClock"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuSubFolders"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoPrinters"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoChangeAnimation"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched^32*Registry: HKLM:RUN . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x] R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] R3 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-09 2480048] R3 ALSysIO;ALSysIO;c:\users\uwe\AppData\Local\Temp\ALSysIO64.sys [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 bmdrvr;Modified Clusters Tracking Driver;c:\windows\SysWOW64\drivers\bmdrvr.sys [2009-04-17 34864] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x] R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [x] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB 
Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vmware-converter-agent;VMware vCenter Converter Agent;d:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2009-04-17 428592] R3 vmware-converter-server;VMware vCenter Converter Server;d:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2009-04-17 428592] R3 VMwareServerWebAccess;VMware Server Web Access;d:\tools\virtualisierung\vmware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344] R3 X6va005;X6va005;c:\users\ugehrau\AppData\Local\Temp\0059563.tmp [x] R3 X6va006;X6va006;c:\users\ugehrau\AppData\Local\Temp\00649DF.tmp [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession 
Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\tools\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360] S2 HDD & SSD access service;HDD & SSD access service;c:\program files (x86)\Common Files\BinarySense\disksvc.exe [2009-11-13 205976] S2 MBAMService;MBAMService;d:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S2 sda;SDA Dienst;c:\windows\ShutDownApp\sdasvc.exe [2011-04-09 7168] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x] S2 vstor2-mntapi10;Vstor2 MntApi 1.0 Driver;d:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys [2009-04-17 32816] S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhalt des "geplante Tasks" Ordners . 2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1001Core.job - c:\users\uwe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 15:26] . 2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1001UA.job - c:\users\uwe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 15:26] . 
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015Core.job - c:\users\ggehrau\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 09:32] . 2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015UA.job - c:\users\ggehrau\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 09:32] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\uwe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2010-01-30 13:45 259072 ----a-w- d:\tools\system\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2010-01-30 13:45 259072 ----a-w- d:\tools\system\LinkShellExtension\HardlinkShellExt.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.babylon.com/home?AF=15627 uInternet Settings,ProxyOverride = *.local IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll LSP: d:\tools\virtualisierung\vmware\VMware Server\vsocklib.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} FF - ProfilePath - c:\users\uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dxmcai45.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - file:///E:/Liste-Server/listeserver1.html FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\ugehrau\AppData\Local\Temp\0059563.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\ugehrau\AppData\Local\Temp\00649DF.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,75,4f,76,7c,11,2e,48,93,24,07,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,75,4f,76,7c,11,2e,48,93,24,07,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . d:\tools\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe c:\windows\SysWOW64\cchservice.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-05 15:21:39 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-05 14:21 ComboFix2.txt 2012-03-05 11:24 ComboFix3.txt 2012-02-14 12:24 . Vor Suchlauf: 21 Verzeichnis(se), 68.600.541.184 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 68.282.720.256 Bytes frei . - - End Of File - - AFF09F06B0D3AC3E966744D82B42101E
Regards, robibor
Sh.. I messed something up. I did not do step 1. Can anything still be salvaged?? Edited by robibor (05.03.2012 at 15:51) |
05.03.2012, 15:39 | #11 |
/// Malwareteam | SystemCheck - fake tool - virus or malware?? And where are the two OTL files?
__________________ No asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
05.03.2012, 16:35 | #12 |
| SystemCheck - fake tool - virus or malware?? So here are the 2 files. OTL.Txt: OTL Logfile: Code:
OTL logfile created on: 05.03.2012 16:27:16 - Run 6 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\uwe\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 5,15 Gb Available Physical Memory | 64,41% Memory free 15,98 Gb Paging File | 13,31 Gb Available in Paging File | 83,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200,00 Gb Total Space | 63,70 Gb Free Space | 31,85% Space Free | Partition Type: NTFS Drive D: | 500,00 Gb Total Space | 50,76 Gb Free Space | 10,15% Space Free | Partition Type: NTFS Drive E: | 400,00 Gb Total Space | 127,23 Gb Free Space | 31,81% Space Free | Partition Type: NTFS Drive F: | 162,80 Gb Total Space | 61,09 Gb Free Space | 37,52% Space Free | Partition Type: NTFS Drive G: | 6,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ATHOS | User Name: uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\uwe\Desktop\OTL.exe (OldTimer Tools) PRC - D:\browser\firefox35\firefox.exe (Mozilla Corporation) PRC - D:\browser\firefox35\plugin-container.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\tools\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\tools\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\ShutDownApp\sdasvc.exe () PRC - C:\ProgramData\Microsoft\Network\umon.exe () PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (BinarySense Ltd.) PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - D:\browser\firefox35\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\ProgramData\Microsoft\Network\umon.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (simptcp) 
-- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll () SRV - (MBAMService) -- D:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- D:\tools\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\tools\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (sda) -- C:\Windows\ShutDownApp\sdasvc.exe () SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (HDD & SSD access service) -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (BinarySense Ltd.) SRV - (VMwareServerWebAccess) -- D:\tools\virtualisierung\vmware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) 
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (vmware-converter-server) -- D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) SRV - (vmware-converter-agent) -- D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (JakNDisMP) -- C:\Windows\SysNative\drivers\JakNDis.sys (Jaksta LLC) DRV:64bit: - (JakNDis) -- C:\Windows\SysNative\drivers\JakNDis.sys (Jaksta LLC) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\drivers\blueletaudio.sys (IVT Corporation.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) 
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.) DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\BtNetDrv.sys (IVT Corporation.) DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VcommMgr.sys (IVT Corporation.) DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (bmdrvr) -- C:\Windows\SysWOW64\drivers\bmdrvr.sys (VMware, Inc.) DRV - (vstor2-mntapi10) -- D:\tools\virtualisierung\vmware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.) DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.) 
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (FreshIO) -- D:\tools\system\FreshDiagnose\FreshIO.sys ()
DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 F5 57 DD EF 77 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "file:///E:/Liste-Server/listeserver1.html"
FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.5
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: csscoverage@spaghetticoder.org:0.2.4
FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.2
FF - prefs.js..extensions.enabledItems: historyTree@norman.solomon:1.2
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.2.0
FF - prefs.js..extensions.enabledItems: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}:2.0.5
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.6.1
FF - prefs.js..extensions.enabledItems: {8A6C82A1-F6C9-481a-AAE7-C96444C9A754}:5.1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: xlt-scriptrecorder@xceptance.com:3.3.5
FF - prefs.js..extensions.enabledItems: {7eb3f691-25b4-4a85-9038-9e57e2bcd537}:0.4.4
FF - prefs.js..extensions.enabledItems: {636fd8b0-ce2b-4e00-b812-2afbe77ee899}:1.4.5
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21
FF - prefs.js..extensions.enabledItems: {F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}:1.6.0
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {D9CFDC5F-081E-420c-A108-A628AC2E556B}:2.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.7.0
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {0bdb2530-7a5e-11df-93f2-0800200c9a66}:1.2.2.20101221
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: translator@zoli.bod:1.0.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uwe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uwe\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.15 14:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.21 21:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\browser\firefox35\components [2012.02.17 12:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\browser\firefox35\plugins [2012.02.20 08:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: D:\browser\firefox358\components [2012.02.16 13:43:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: D:\browser\firefox358\plugins [2012.02.20 08:26:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: D:\tools\internet\mail\thunderbird20024\components [2012.02.16 13:43:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.21 21:51:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\browser\firefox358\components [2012.02.16 13:43:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\browser\firefox358\plugins [2012.02.20 08:26:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\browser\firefox35\components [2012.02.17 12:42:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\browser\firefox35\plugins [2012.02.20 08:26:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\tools\internet\mail\thunderbird20024\components [2012.02.16 13:43:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\tools\internet\mail\thunderbird20024\plugins

[2010.01.16 22:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Extensions
[2010.01.16 22:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.05 16:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\3b63qqyk.Schnell ohne alles\extensions
[2011.12.03 16:29:19 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\3b63qqyk.Schnell ohne alles\extensions\battlefieldplay4free@ea.com
[2011.10.16 18:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\aikyvwdm.Test\extensions
[2011.07.03 07:34:21 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\aikyvwdm.Test\extensions\battlefieldheroespatcher@ea.com
[2011.10.16 18:53:49 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\aikyvwdm.Test\extensions\battlefieldplay4free@ea.com
[2012.03.01 22:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions
[2011.05.07 20:15:48 | 000,000,000 | ---D | M] (Transit Widget Emulator) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{0bdb2530-7a5e-11df-93f2-0800200c9a66}
[2010.12.15 09:56:05 | 000,000,000 | ---D | M] ("Enhanced History Manager [de]") -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{36EC55C0-D27E-11d8-9418-444553540001}
[2011.02.16 20:36:36 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.05.15 21:23:54 | 000,000,000 | ---D | M] (XPather) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{636fd8b0-ce2b-4e00-b812-2afbe77ee899}
[2010.08.13 20:59:31 | 000,000,000 | ---D | M] (XPath Checker) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}
[2011.11.30 15:48:17 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.01.10 22:08:50 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.08.27 22:02:29 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.02.22 08:34:07 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2011.12.27 22:18:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.22 07:30:38 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.01.08 22:13:44 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.06.23 20:22:19 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.11.26 18:30:15 | 000,000,000 | ---D | M] (GridFox) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}
[2011.06.09 16:35:31 | 000,000,000 | ---D | M] (Capture Fox) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\capturefoxmovie@advancity.net
[2010.03.25 13:14:42 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\dictlookup@arnhold.com
[2010.01.25 08:50:48 | 000,000,000 | ---D | M] (History Tree) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\historyTree@norman.solomon
[2011.11.12 07:22:52 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2010.02.11 19:52:57 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\VMwareVMRC@vmware.com
[2011.01.16 20:27:14 | 000,000,000 | ---D | M] ("XLT Script Recorder") -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\xlt-scriptrecorder@xceptance.com
[2011.05.07 20:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uwe\AppData\Roaming\mozilla\Firefox\Profiles\dxmcai45.default\extensions\{0bdb2530-7a5e-11df-93f2-0800200c9a66}\modules\api\wac\extensions
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\uwe\AppData\Roaming\Mozilla\Firefox\Profiles\dxmcai45.default\searchplugins\conduit.xml
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{563E4790-7E70-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{6DFC4F52-26F0-4E5F-89C7-31D6DE480DB9}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{C666C018-6409-4479-AFA3-68E4129E7EFF}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{CF15270E-CF08-4DEF-B4EA-6A5AC23F3BCA}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\{F5DDF39C-9293-4D5E-9AA8-E04E6DD5E9B4}.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\CSSCOVERAGE@SPAGHETTICODER.ORG.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\JSONVIEW@BRH.NUMBERA.COM.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
() (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXMCAI45.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\uwe\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\uwe\AppData\Local\Google\Chrome\Application\16.0.912.75\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uwe\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\browser\firefox35\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = D:\browser\firefox35\plugins\npLegitCheckPlugin.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = D:\browser\firefox35\plugins\NPPDLicenseHelper.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = D:\browser\firefox35\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\browser\firefox35\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\browser\firefox35\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\uwe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Translator = C:\Users\uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\

O1 HOSTS File: ([2012.03.05 15:08:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\tools\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [sdaumon] C:\ProgramData\Microsoft\Network\umon.exe ()
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - DD:\tools\virtualisierung\vmware\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - DD:\tools\virtualisierung\vmware\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\tools\virtualisierung\vmware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\tools\virtualisierung\vmware\VMware Server\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3545A51-C0E5-4C69-A812-F938652B1D70}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.17 09:03:23 | 000,000,024 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.05 11:41:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.05 11:39:30 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\uwe\Desktop\ComboFix.exe
[2012.03.05 11:25:59 | 000,000,000 | ---D | C] -- C:\Users\uwe\Desktop\tdsskiller
[2012.03.05 10:39:06 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\uwe\Desktop\TDSSKiller.exe
[2012.03.05 10:38:56 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\uwe\Desktop\aswMBR.exe
[2012.03.01 09:17:27 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Malwarebytes
[2012.03.01 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.01 09:17:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.01 09:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.29 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\ACD Systems
[2012.02.28 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Mp3tag
[2012.02.25 23:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2012.02.25 23:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2012.02.25 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2012.02.25 10:05:36 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Amkaa
[2012.02.25 00:09:46 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\MyPhoneExplorer
[2012.02.25 00:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.02.20 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Local\Adobe
[2012.02.20 08:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.02.20 08:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.02.20 08:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.02.19 20:44:03 | 000,000,000 | ---D | C] -- C:\Users\uwe\Desktop\gtd
[2012.02.17 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2012.02.17 14:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2012.02.17 14:10:53 | 000,000,000 | ---D | C] -- C:\Users\uwe\Application Data
[2012.02.16 13:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.02.16 13:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.02.16 13:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.02.16 12:27:46 | 000,000,000 | ---D | C] -- C:\glassfish3
[2012.02.16 12:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.02.16 12:22:22 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.02.15 17:50:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 17:50:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 17:50:12 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 17:50:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 17:50:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 17:50:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 17:50:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 17:50:11 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 17:50:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.15 17:50:11 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 17:50:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 08:01:59 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 08:01:58 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 08:01:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 08:01:54 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.14 12:27:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.14 12:27:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.14 12:27:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.14 12:27:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.14 12:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.02.12 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\uwe\.dvdcss
[2012.02.12 10:28:10 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Local\MPlayer
[2012.02.12 10:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDx 4.0
[2012.02.09 11:17:53 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\uwe\Desktop\OTL.exe [2012.02.08 08:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evoluent [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.05 16:26:04 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\uwe\Desktop\OTL.exe [2012.03.05 16:00:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015UA.job [2012.03.05 15:36:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1001UA.job [2012.03.05 15:12:11 | 000,018,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.05 15:12:11 | 000,018,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.05 15:08:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.03.05 15:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.05 15:04:44 | 2140,454,911 | -HS- | M] () -- C:\hiberfil.sys [2012.03.05 14:43:11 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\uwe\Desktop\ComboFix.exe [2012.03.05 11:25:39 | 002,044,980 | ---- | M] () -- C:\Users\uwe\Desktop\tdsskiller.zip [2012.03.05 11:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\uwe\Desktop\TDSSKiller.exe [2012.03.05 11:02:08 | 000,000,512 | ---- | M] () -- C:\Users\uwe\Desktop\MBR.dat [2012.03.05 10:38:58 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\uwe\Desktop\aswMBR.exe [2012.03.05 10:33:31 | 000,000,020 | ---- | M] () -- C:\Users\uwe\defogger_reenable [2012.03.05 10:31:16 | 000,050,477 | ---- | M] () -- C:\Users\uwe\Desktop\Defogger.exe [2012.03.05 10:27:33 | 001,808,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.05 
10:27:33 | 000,767,598 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.05 10:27:33 | 000,721,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.05 10:27:33 | 000,175,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.05 10:27:33 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.04 21:12:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1015Core.job [2012.03.04 20:36:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4034204148-3353989843-4214094598-1001Core.job [2012.03.04 13:05:34 | 000,001,207 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2012.03.04 10:45:01 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.03.04 10:45:01 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.02 14:04:29 | 000,005,120 | ---- | M] () -- C:\Users\uwe\Desktop\branches.db [2012.03.01 14:59:35 | 000,001,392 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err [2012.03.01 14:57:01 | 000,000,412 | ---- | M] () -- C:\NET.INI [2012.03.01 11:35:04 | 000,019,785 | ---- | M] () -- C:\Users\uwe\Desktop\OTL.zip [2012.03.01 10:49:07 | 000,000,988 | ---- | M] () -- C:\Users\uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.01 09:41:07 | 000,020,369 | ---- | M] () -- C:\Users\uwe\Desktop\OTL_1.zip [2012.03.01 09:17:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.29 17:37:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.02.29 10:08:59 | 000,004,628 | ---- | M] () -- C:\Users\uwe\.recently-used.xbel [2012.02.29 10:00:29 | 000,009,748 | ---- | M] () -- C:\Users\uwe\Desktop\Kompost_2012.odt [2012.02.25 23:00:53 | 000,002,849 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee 6.0.lnk [2012.02.25 22:11:42 | 000,024,925 | ---- | M] () -- 
C:\Users\uwe\Desktop\Unbenannt 1.odt [2012.02.25 20:24:58 | 000,027,937 | ---- | M] () -- C:\Users\uwe\Desktop\device-2012-02-25-201254.png.pdf [2012.02.25 20:19:04 | 000,022,620 | ---- | M] () -- C:\Users\uwe\Desktop\10 x 15 cm (2).pdf [2012.02.25 20:17:50 | 000,024,849 | ---- | M] () -- C:\Users\uwe\Desktop\myfinder_screenshot.pdf [2012.02.25 00:09:44 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.02.21 09:28:13 | 000,000,788 | ---- | M] () -- C:\Users\uwe\cintanotes.exe.lnk [2012.02.20 08:26:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.17 20:33:21 | 000,019,047 | ---- | M] () -- C:\Users\uwe\Aer Lingus - Buchungsbestätigung.pdf [2012.02.17 20:27:05 | 000,181,713 | ---- | M] () -- C:\Users\uwe\Desktop\T_C-WL-World-Aer-Lingus-Ger.pdf [2012.02.17 19:16:46 | 000,009,859 | ---- | M] () -- C:\Users\uwe\Hans Zimmer - ( Hoist The Colours tab ).pdf [2012.02.17 14:42:50 | 000,000,054 | ---- | M] () -- C:\Users\uwe\goandroid.bat [2012.02.17 14:11:05 | 000,000,714 | ---- | M] () -- C:\Users\uwe\Desktop\XMind.lnk [2012.02.16 13:43:03 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.02.16 13:35:54 | 000,005,120 | ---- | M] () -- C:\Users\uwe\filialen.db [2012.02.16 12:22:19 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.02.16 12:22:19 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.02.16 10:19:39 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.02.15 18:21:01 | 000,324,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.14 12:23:01 | 000,001,203 | ---- | M] () -- C:\Users\uwe\Desktop\ComboFix.exe.lnk [2012.02.12 09:57:44 | 000,000,133 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.02.10 19:36:18 | 000,007,403 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2012.02.09 12:59:52 | 000,031,512 | ---- | M] () -- C:\Users\uwe\Desktop\Desktop_.zip 
[2012.02.07 08:36:19 | 000,065,414 | ---- | M] () -- C:\Users\uwe\Desktop\Unbenannt 1.pdf [2012.02.05 20:33:34 | 000,016,622 | ---- | M] () -- C:\Users\uwe\Desktop\mathis_plan.ods [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.05 11:25:38 | 002,044,980 | ---- | C] () -- C:\Users\uwe\Desktop\tdsskiller.zip [2012.03.05 11:02:08 | 000,000,512 | ---- | C] () -- C:\Users\uwe\Desktop\MBR.dat [2012.03.05 10:33:31 | 000,000,020 | ---- | C] () -- C:\Users\uwe\defogger_reenable [2012.03.05 10:31:15 | 000,050,477 | ---- | C] () -- C:\Users\uwe\Desktop\Defogger.exe [2012.03.01 14:57:17 | 000,001,392 | ---- | C] () -- C:\Windows\SysWow64\ccsync.err [2012.03.01 09:41:07 | 000,020,369 | ---- | C] () -- C:\Users\uwe\Desktop\OTL_1.zip [2012.03.01 09:41:07 | 000,019,785 | ---- | C] () -- C:\Users\uwe\Desktop\OTL.zip [2012.03.01 09:17:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.29 10:08:59 | 000,004,628 | ---- | C] () -- C:\Users\uwe\.recently-used.xbel [2012.02.28 10:22:53 | 000,009,748 | ---- | C] () -- C:\Users\uwe\Desktop\Kompost_2012.odt [2012.02.25 23:00:53 | 000,002,849 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee 6.0.lnk [2012.02.25 22:11:40 | 000,024,925 | ---- | C] () -- C:\Users\uwe\Desktop\Unbenannt 1.odt [2012.02.25 20:24:58 | 000,027,937 | ---- | C] () -- C:\Users\uwe\Desktop\device-2012-02-25-201254.png.pdf [2012.02.25 20:19:04 | 000,022,620 | ---- | C] () -- C:\Users\uwe\Desktop\10 x 15 cm (2).pdf [2012.02.25 20:17:50 | 000,024,849 | ---- | C] () -- C:\Users\uwe\Desktop\myfinder_screenshot.pdf [2012.02.25 00:09:44 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.02.21 09:28:13 | 000,000,788 | ---- | C] () -- C:\Users\uwe\cintanotes.exe.lnk [2012.02.20 23:06:04 | 000,005,120 | ---- | C] () -- C:\Users\uwe\Desktop\branches.db [2012.02.20 08:26:37 | 000,002,441 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.02.20 08:26:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.17 20:33:21 | 000,019,047 | ---- | C] () -- C:\Users\uwe\Aer Lingus - Buchungsbestätigung.pdf [2012.02.17 20:27:03 | 000,181,713 | ---- | C] () -- C:\Users\uwe\Desktop\T_C-WL-World-Aer-Lingus-Ger.pdf [2012.02.17 19:16:43 | 000,009,859 | ---- | C] () -- C:\Users\uwe\Hans Zimmer - ( Hoist The Colours tab ).pdf [2012.02.17 14:41:57 | 000,000,054 | ---- | C] () -- C:\Users\uwe\goandroid.bat [2012.02.17 14:11:05 | 000,000,714 | ---- | C] () -- C:\Users\uwe\Desktop\XMind.lnk [2012.02.16 13:43:03 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.02.16 13:35:37 | 000,005,120 | ---- | C] () -- C:\Users\uwe\filialen.db [2012.02.14 12:27:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.02.14 12:27:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.02.14 12:27:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.02.14 12:27:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.02.14 12:27:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.02.14 12:23:01 | 000,001,203 | ---- | C] () -- C:\Users\uwe\Desktop\ComboFix.exe.lnk [2012.02.09 12:59:52 | 000,031,512 | ---- | C] () -- C:\Users\uwe\Desktop\Desktop_.zip [2012.02.07 08:33:01 | 000,065,414 | ---- | C] () -- C:\Users\uwe\Desktop\Unbenannt 1.pdf [2011.11.21 21:46:14 | 000,225,255 | ---- | C] () -- C:\Windows\hpoins43.dat [2011.07.29 07:02:40 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2011.07.21 21:56:44 | 000,000,080 | RHS- | C] () -- C:\Windows\ICLET30.BIN [2011.07.21 21:50:21 | 000,000,080 | RHS- | C] () -- C:\Windows\CT5SEET.BIN [2011.07.21 21:47:20 | 000,559,104 | ---- | C] () -- C:\Windows\lame.exe [2011.07.21 21:47:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.07.21 21:47:20 | 000,079,360 | ---- | C] () -- 
C:\Windows\SysWow64\mp3gain.exe [2011.07.21 21:47:20 | 000,079,360 | ---- | C] () -- C:\Windows\mp3gain.exe [2011.07.17 22:21:44 | 000,000,281 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\Network Meter_Settings.ini [2011.07.10 21:10:37 | 000,001,207 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2011.07.10 21:09:48 | 000,000,141 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011.07.10 21:09:48 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011.07.10 21:09:47 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2011.07.10 21:09:47 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2011.07.10 21:09:46 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2011.05.01 12:06:25 | 000,000,000 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\.NANotifyHere [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.13 08:53:23 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.13 08:53:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.11.24 20:30:44 | 000,000,133 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.23 13:06:21 | 000,007,619 | ---- | C] () -- C:\Users\uwe\AppData\Local\Resmon.ResmonCfg [2010.11.11 16:37:53 | 000,001,134 | ---- | C] () -- C:\Windows\disney.ini [2010.11.11 16:36:24 | 000,000,207 | ---- | C] () -- C:\Windows\disneysy.ini [2010.07.07 15:31:24 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2010.07.07 15:31:24 | 000,036,864 | ---- | C] () 
-- C:\Windows\SysWow64\xmlparse.dll
[2010.05.01 20:34:56 | 000,033,134 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\UserTile.png
[2010.04.24 21:06:21 | 000,021,504 | ---- | C] () -- C:\Users\uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 17:04:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.11 11:18:22 | 000,012,893 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.03.11 11:12:15 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.03.11 11:12:15 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.03.11 10:30:58 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC

< End of report >

Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 05.03.2012 16:27:16 - Run 6
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\uwe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 5,15 Gb Available Physical Memory | 64,41% Memory free
15,98 Gb Paging File | 13,31 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 63,70 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 500,00 Gb Total Space | 50,76 Gb Free Space | 10,15% Space Free | Partition Type: NTFS
Drive E: | 400,00 Gb Total Space | 127,23 Gb Free Space | 31,81% Space Free | Partition Type: NTFS
Drive F: | 162,80 Gb Total Space | 61,09 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive G: | 6,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ATHOS | User Name: uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\browser\firefox35\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "D:\tools\multimedia\grafik\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Folderico] -- D:\tools\filesystem\Folderico\Folderico.exe "%1" (Shedko software) Directory [PlayWithVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Touch_It] -- "C:\Program Files (x86)\MicroTools4U\Touch It\Touch It.exe" "%l" (Kovalev'S.oftware) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "D:\tools\multimedia\grafik\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Folderico] -- D:\tools\filesystem\Folderico\Folderico.exe "%1" (Shedko software) Directory [PlayWithVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Touch_It] -- "C:\Program Files (x86)\MicroTools4U\Touch It\Touch It.exe" "%l" (Kovalev'S.oftware) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared 
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit) "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 "{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit) "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5E7253AF-1DAB-4589-8F75-AC3B55450245}" = Streaming Media Recorder "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit) "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL 
Server 2008-Setup "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.6.4 x64 "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C8118019-96B5-42FB-9A45-5D82D1CB62EE}" = AxCrypt 1.7.2867.0 "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services 
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1140 "HardlinkShellExt" = Link Shell Extension "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Shop for HP Supplies" = Shop for HP Supplies "TeraCopy_is1" = TeraCopy 2.1 "Unlocker" = Unlocker 1.9.1-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller 
"{083C54E1-22E9-415F-9CB8-3A8A31905305}" = ACDSee 6.0 Standard "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2 "{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26 "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18AE8ACB-0419-45F6-9CF6-155E128A4BCE}_is1" = GD WinTools.net 8.1 Ultimate "{1A1443D7-7A4E-51EC-B41D-EB84114ED943}" = DVD2AVI Ripper Professional v3.4.0.81 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22 "{29D8415B-F561-4A73-9C9A-29C8A1473BC9}" = Zamzom "{2A87B210-5672-421E-AD15-B8DF44D78691}" = Garmin City Navigator Europe NT 2011.40 Update "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2 "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft 
SQL Server 2008 Browser "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{55658640-23F2-4F69-89DE-012713536025}" = S4 League_EU "{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5F6FCADA-5E8A-4FB2-997D-9AFCAB0EF520}" = Synching Thunder "{603D5FB8-3605-48AC-B1B7-16A5401FD105}" = FoxAnalysis "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6419ED85-0F56-473E-9C65-5BFCA43402C0}" = VMXWizard beta "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4k, 2010.10.29 "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE) "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D5F9921-3756-4397-917C-9FB912CA2287}_is1" = concept/design music2go 2 "{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5 "{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo "{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time "{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}" = Greenfoot "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter "{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe "{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor 1.6 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server 
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{B9303204-1369-4B15-B749-EFFBC0658466}" = Clipboard Master "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED3D71CC-9F3B-4AC5-9E55-AB915EBC0BEB}" = HDD Temperature v.4 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F23D156D-5542-48C2-88A0-C99CB8151354}" = Jalbum "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007 "AAA Photo Album_is1" = AAA Photo Album 2.10 "Advanced CSV Converter" = Advanced 
CSV Converter 2.65 "Advanced Registry Tracer" = Advanced Registry Tracer "Advanced XML Converter" = Advanced XML Converter 2.31 "Agent Ransack_is1" = Agent Ransack Version 1.7.3 "Akamai" = Akamai NetSession Interface "AltoMP3 Gold" = AltoMP3 Gold 5.20 "Android SDK Tools" = Android SDK Tools "Ant Renamer 2_is1" = Ant Renamer "Any Video Converter_is1" = Any Video Converter 3.2.3 "Aptana Studio 3" = Aptana Studio 3 "Artisteer 2" = Artisteer 2 "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "bitRipper" = bitRipper "CHK-Mate_is1" = DIY DataRecovery CHK-Mate "Clipboard Master" = Clipboard Master 1.2.0 "CSMFYUV" = CSMX AVI lossless video codec (Remove Only) "DDR - Removable Media(Demo)" = DDR - Removable Media(Demo) 4.0.1.6 "Ditto_is1" = Ditto 3.17.0.17 "DivX2Mp4_is1" = DivX2Mp4 version 1.7.0.1 "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition "Ema Personal Wiki" = Ema Personal Wiki "FileZilla Client" = FileZilla Client 3.4.0 "Folderico" = Folderico 4.0 RC11 "Foxit Reader" = Foxit Reader "Free FLV Converter_is1" = Free FLV Converter V 6.98.0 "FreshDevices - FreshDiagnose_is1" = FreshDiagnose "GameSpy Arcade" = GameSpy Arcade "GOM Player" = GOM Player "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "HTMLPad 2010_is1" = HTMLPad 2010 v10.1 "InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2:*Die neuen Abenteuer "InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE 
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "IrfanView" = IrfanView (remove only) "Kindersicherung_is1" = Kindersicherung 2011 "LAN-Explorer" = LAN-Explorer "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "MPE" = MyPhoneExplorer "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) "No23 Recorder" = No23 Recorder "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "ObjectDock" = ObjectDock "PhotoResampling_is1" = PhotoResampling 9.2 "PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.1 "Project Eden" = Project Eden deinstallieren "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PSPVideoExpress" = PSP Video Express(remove only) "PunkBusterSvc" = PunkBuster Services "RealPlayer 12.0" = RealPlayer "Samsung ML-1710 Series" = Samsung ML-1710 Series "Scribus 1.3.3.13" = Scribus 1.3.3.13 "Secure Eraser_is1" = Secure Eraser v3.1 "ShapeCollage" = Shape Collage "SpeedFan" = SpeedFan (remove only) "SPlayer" = SPlayer "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "SumatraPDF" = SumatraPDF "Tarr Chronicles_is1" = Tarr Chronicles "TreeSize Free_is1" = TreeSize Free V2.5 "TrueCrypt" = TrueCrypt "UltraSearch_is1" = UltraSearch V1.5 "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "WinGimp-2.0_is1" = 
GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinMerge_is1" = WinMerge 2.12.4 "Xfire" = Xfire (remove only) "XMind" = XMind "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{89F1F896-7C24-4441-A166-89A1400F52C1}_is1" = WAC SDK 1.0 "Dexpot" = Dexpot "Dropbox" = Dropbox "GeoGebra 4" = GeoGebra 4 "Google Chrome" = Google Chrome "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "Napkin Look and Feel Demo" = Napkin Look and Feel Demo "Touch It" = Touch It ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.03.2012 09:53:28 | Computer Name = athos | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8dfff908 ID des fehlerhaften Prozesses: 0xf38 Startzeit der fehlerhaften Anwendung: 0x01ccf944f645136f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 40b7e48b-6538-11e1-90e2-005056c00008 Error - 03.03.2012 11:10:22 | Computer Name = athos | Source = Application Hang | ID = 1002 Description = Programm S4Client.exe, Version 0.8.32.45069 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: c0c Startzeit: 01ccf94fa15bca3b Endzeit: 311 Anwendungspfad: D:\spiele\s4league\S4Client.exe Berichts-ID: f9fef6cc-6542-11e1-997d-005056c00008 Error - 03.03.2012 17:20:35 | Computer Name = athos | Source = .NET Runtime | ID = 1026 Description = Error - 03.03.2012 17:20:39 | Computer Name = athos | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: KiesPDLR.exe, Version: 1.0.0.0, Zeitstempel: 0x4d7efa4b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002224b8 ID des fehlerhaften Prozesses: 0xcd8 Startzeit der fehlerhaften Anwendung: 0x01ccf98375fec47c Pfad der fehlerhaften Anwendung: D:\tools\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b8e80a89-6576-11e1-9955-005056c00008 Error - 04.03.2012 05:53:55 | Computer Name = athos | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: BFP4f.exe, Version: 0.0.0.0, Zeitstempel: 0x4f4606f3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222b2 ID des fehlerhaften Prozesses: 0xe80 Startzeit der fehlerhaften Anwendung: 0x01ccf9e9cea23cf9 Pfad der fehlerhaften Anwendung: D:\spiele\play4free\BFP4f.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f3ec8f49-65df-11e1-8e83-005056c00008 Error - 04.03.2012 06:26:07 | Computer Name = athos | Source = Application Hang | ID = 1002 Description = Programm SWTFU.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 94c Startzeit: 01ccf9f0ea1337ca Endzeit: 20 Anwendungspfad: D:\spiele\Star Wars The Force Unleashed\SWTFU.exe Berichts-ID: Error - 04.03.2012 13:21:19 | Computer Name = athos | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\download\tools\multimedia\SoftonicDownloader_fuer_clonedvd.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 04.03.2012 14:34:53 | Computer Name = athos | Source = .NET Runtime | ID = 1026 Description = Error - 04.03.2012 14:34:54 | Computer Name = athos | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: KiesPDLR.exe, Version: 1.0.0.0, Zeitstempel: 0x4d7efa4b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003324b8 ID des fehlerhaften Prozesses: 0x1604 Startzeit der fehlerhaften Anwendung: 0x01ccfa3579e1114a Pfad der fehlerhaften Anwendung: D:\tools\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: bbfa6559-6628-11e1-a4d9-005056c00008 Error - 05.03.2012 11:21:51 | Computer Name = athos | Source = MsiInstaller | ID = 11730 Description = [ System Events ] Error - 05.03.2012 09:52:43 | Computer Name = athos | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error - 05.03.2012 09:58:03 | Computer Name = athos | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.03.2012 10:01:06 | Computer Name = athos | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 05.03.2012 10:01:06 | Computer Name = athos | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 05.03.2012 10:01:11 | Computer Name = athos | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 05.03.2012 10:03:36 | Computer Name = athos | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 05.03.2012 10:04:52 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 05.03.2012 10:05:02 | Computer Name = athos | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\aspi32.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 05.03.2012 10:05:02 | Computer Name = athos | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error - 05.03.2012 10:05:04 | Computer Name = athos | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126

< End of report >

Best regards, robibor |
05.03.2012, 16:37 | #13 |
| SystemCheck - fake tool - virus or malware?? So here are the 2 files. OTL.Txt: Code:
OTL logfile created on: 05.03.2012 16:27:16 - Run 6
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\uwe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 5,15 Gb Available Physical Memory | 64,41% Memory free
15,98 Gb Paging File | 13,31 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 63,70 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 500,00 Gb Total Space | 50,76 Gb Free Space | 10,15% Space Free | Partition Type: NTFS
Drive E: | 400,00 Gb Total Space | 127,23 Gb Free Space | 31,81% Space Free | Partition Type: NTFS
Drive F: | 162,80 Gb Total Space | 61,09 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive G: | 6,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ATHOS | User Name: uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\uwe\Desktop\OTL.exe (OldTimer Tools) PRC - D:\browser\firefox35\firefox.exe (Mozilla Corporation) PRC - D:\browser\firefox35\plugin-container.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\tools\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\tools\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\ShutDownApp\sdasvc.exe () PRC - C:\ProgramData\Microsoft\Network\umon.exe () PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (BinarySense Ltd.) PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - D:\browser\firefox35\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\ProgramData\Microsoft\Network\umon.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (simptcp) 
-- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll () SRV - (MBAMService) -- D:\tools\system\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- D:\tools\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\tools\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (sda) -- C:\Windows\ShutDownApp\sdasvc.exe () SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (HDD & SSD access service) -- C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (BinarySense Ltd.) SRV - (VMwareServerWebAccess) -- D:\tools\virtualisierung\vmware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) 
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (vmware-converter-server) -- D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) SRV - (vmware-converter-agent) -- D:\tools\virtualisierung\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (JakNDisMP) -- C:\Windows\SysNative\drivers\JakNDis.sys (Jaksta LLC) DRV:64bit: - (JakNDis) -- C:\Windows\SysNative\drivers\JakNDis.sys (Jaksta LLC) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\drivers\blueletaudio.sys (IVT Corporation.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) 
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.) DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\BtNetDrv.sys (IVT Corporation.) DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VcommMgr.sys (IVT Corporation.) DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (bmdrvr) -- C:\Windows\SysWOW64\drivers\bmdrvr.sys (VMware, Inc.) DRV - (vstor2-mntapi10) -- D:\tools\virtualisierung\vmware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.) DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.) DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.) 
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) DRV - (FreshIO) -- D:\tools\system\FreshDiagnose\FreshIO.sys () DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 F5 57 DD EF 77 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "file:///E:/Liste-Server/listeserver1.html" FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.5 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13 FF - prefs.js..extensions.enabledItems: csscoverage@spaghetticoder.org:0.2.4 FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.2 FF - prefs.js..extensions.enabledItems: historyTree@norman.solomon:1.2 FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.2.0 FF - prefs.js..extensions.enabledItems: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}:2.0.5 FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.7 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.6.1 FF - prefs.js..extensions.enabledItems: {8A6C82A1-F6C9-481a-AAE7-C96444C9A754}:5.1.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1 FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.02.20 08:26:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.17 20:33:21 | 000,019,047 | ---- | C] () -- C:\Users\uwe\Aer Lingus - Buchungsbestätigung.pdf [2012.02.17 20:27:03 | 000,181,713 | ---- | C] () -- C:\Users\uwe\Desktop\T_C-WL-World-Aer-Lingus-Ger.pdf [2012.02.17 19:16:43 | 000,009,859 | ---- | C] () -- C:\Users\uwe\Hans Zimmer - ( Hoist The Colours tab ).pdf [2012.02.17 14:41:57 | 000,000,054 | ---- | C] () -- C:\Users\uwe\goandroid.bat [2012.02.17 14:11:05 | 000,000,714 | ---- | C] () -- C:\Users\uwe\Desktop\XMind.lnk [2012.02.16 13:43:03 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.02.16 13:35:37 | 000,005,120 | ---- | C] () -- C:\Users\uwe\filialen.db [2012.02.14 12:27:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.02.14 12:27:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.02.14 12:27:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.02.14 12:27:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.02.14 12:27:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.02.14 12:23:01 | 000,001,203 | ---- | C] () -- C:\Users\uwe\Desktop\ComboFix.exe.lnk [2012.02.09 12:59:52 | 000,031,512 | ---- | C] () -- C:\Users\uwe\Desktop\Desktop_.zip [2012.02.07 08:33:01 | 000,065,414 | ---- | C] () -- C:\Users\uwe\Desktop\Unbenannt 1.pdf [2011.11.21 21:46:14 | 000,225,255 | ---- | C] () -- C:\Windows\hpoins43.dat [2011.07.29 07:02:40 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2011.07.21 21:56:44 | 000,000,080 | RHS- | C] () -- C:\Windows\ICLET30.BIN [2011.07.21 21:50:21 | 000,000,080 | RHS- | C] () -- C:\Windows\CT5SEET.BIN [2011.07.21 21:47:20 | 000,559,104 | ---- | C] () -- C:\Windows\lame.exe [2011.07.21 21:47:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.07.21 21:47:20 | 000,079,360 | ---- | C] () -- 
C:\Windows\SysWow64\mp3gain.exe [2011.07.21 21:47:20 | 000,079,360 | ---- | C] () -- C:\Windows\mp3gain.exe [2011.07.17 22:21:44 | 000,000,281 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\Network Meter_Settings.ini [2011.07.10 21:10:37 | 000,001,207 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2011.07.10 21:09:48 | 000,000,141 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011.07.10 21:09:48 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011.07.10 21:09:47 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2011.07.10 21:09:47 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2011.07.10 21:09:46 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2011.05.01 12:06:25 | 000,000,000 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\.NANotifyHere [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.13 08:53:23 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.13 08:53:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.11.24 20:30:44 | 000,000,133 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.23 13:06:21 | 000,007,619 | ---- | C] () -- C:\Users\uwe\AppData\Local\Resmon.ResmonCfg [2010.11.11 16:37:53 | 000,001,134 | ---- | C] () -- C:\Windows\disney.ini [2010.11.11 16:36:24 | 000,000,207 | ---- | C] () -- C:\Windows\disneysy.ini [2010.07.07 15:31:24 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2010.07.07 15:31:24 | 000,036,864 | ---- | C] () 
-- C:\Windows\SysWow64\xmlparse.dll
[2010.05.01 20:34:56 | 000,033,134 | ---- | C] () -- C:\Users\uwe\AppData\Roaming\UserTile.png
[2010.04.24 21:06:21 | 000,021,504 | ---- | C] () -- C:\Users\uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 17:04:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.11 11:18:22 | 000,012,893 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.03.11 11:12:15 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.03.11 11:12:15 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.03.11 10:30:58 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC

< End of report >

Extras.Txt:
Code:
OTL Extras logfile created on: 05.03.2012 16:27:16 - Run 6
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\uwe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 5,15 Gb Available Physical Memory | 64,41% Memory free
15,98 Gb Paging File | 13,31 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 63,70 Gb Free Space | 31,85% Space Free | Partition Type: NTFS
Drive D: | 500,00 Gb Total Space | 50,76 Gb Free Space | 10,15% Space Free | Partition Type: NTFS
Drive E: | 400,00 Gb Total Space | 127,23 Gb Free Space | 31,81% Space Free | Partition Type: NTFS
Drive F: | 162,80 Gb Total Space | 61,09 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive G: | 6,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ATHOS | User Name: uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\browser\firefox35\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\tools\multimedia\grafik\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Folderico] -- D:\tools\filesystem\Folderico\Folderico.exe "%1" (Shedko software)
Directory [PlayWithVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Touch_It] -- "C:\Program Files (x86)\MicroTools4U\Touch It\Touch It.exe" "%l" (Kovalev'S.oftware)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\tools\multimedia\grafik\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Folderico] -- D:\tools\filesystem\Folderico\Folderico.exe "%1" (Shedko software)
Directory [PlayWithVLC] -- "D:\tools\multimedia\video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Touch_It] -- "C:\Program Files (x86)\MicroTools4U\Touch It\Touch It.exe" "%l" (Kovalev'S.oftware)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit) "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 "{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit) "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5E7253AF-1DAB-4589-8F75-AC3B55450245}" = Streaming Media Recorder "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit) "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL 
Server 2008-Setup "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.6.4 x64 "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C8118019-96B5-42FB-9A45-5D82D1CB62EE}" = AxCrypt 1.7.2867.0 "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services 
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1140 "HardlinkShellExt" = Link Shell Extension "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Shop for HP Supplies" = Shop for HP Supplies "TeraCopy_is1" = TeraCopy 2.1 "Unlocker" = Unlocker 1.9.1-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller 
"{083C54E1-22E9-415F-9CB8-3A8A31905305}" = ACDSee 6.0 Standard "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2 "{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26 "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18AE8ACB-0419-45F6-9CF6-155E128A4BCE}_is1" = GD WinTools.net 8.1 Ultimate "{1A1443D7-7A4E-51EC-B41D-EB84114ED943}" = DVD2AVI Ripper Professional v3.4.0.81 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22 "{29D8415B-F561-4A73-9C9A-29C8A1473BC9}" = Zamzom "{2A87B210-5672-421E-AD15-B8DF44D78691}" = Garmin City Navigator Europe NT 2011.40 Update "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2F7655DD-793E-40C6-B348-DE67C109F6FF}" = Spider-Man 2 "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft 
SQL Server 2008 Browser "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2 "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{55658640-23F2-4F69-89DE-012713536025}" = S4 League_EU "{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5F6FCADA-5E8A-4FB2-997D-9AFCAB0EF520}" = Synching Thunder "{603D5FB8-3605-48AC-B1B7-16A5401FD105}" = FoxAnalysis "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6419ED85-0F56-473E-9C65-5BFCA43402C0}" = VMXWizard beta "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4k, 2010.10.29 "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE) "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7D5F9921-3756-4397-917C-9FB912CA2287}_is1" = concept/design music2go 2 "{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5 "{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo "{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time "{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}" = Greenfoot "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter "{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe "{97D23E68-AF01-4B69-B31E-7DFC209D01F3}" = Open XML Editor 1.6 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server 
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{B9303204-1369-4B15-B749-EFFBC0658466}" = Clipboard Master "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2E1ED34-EF54-43D4-B634-8C76B15CFF18}" = iClone v3.2 SE "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED3D71CC-9F3B-4AC5-9E55-AB915EBC0BEB}" = HDD Temperature v.4 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F23D156D-5542-48C2-88A0-C99CB8151354}" = Jalbum "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007 "AAA Photo Album_is1" = AAA Photo Album 2.10 "Advanced CSV Converter" = Advanced 
Regards, robibor |
05.03.2012, 18:25 | #14 |
/// Malwareteam | SystemCheck - fake tool - virus or malware?? Step 1: OTL fix
Code:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012.02.25 10:05:36 | 000,000,000 | ---D | C] -- C:\Users\uwe\AppData\Roaming\Amkaa
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC
:COMMANDS
[EMPTYTEMP]
Step 2: MBAM Please download Malwarebytes
Question: You have several very old versions of Java and Firefox on the system - is that intentional because you need them for development, or can we fix that?
__________________ No asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support Trojaner-Board! |
05.03.2012, 21:13 | #15 |
| SystemCheck - fake tool - virus or malware?? Hello,

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Users\uwe\AppData\Roaming\Amkaa folder moved successfully.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
ADS C:\ProgramData\TEMP:05D195EC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: frauke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 670819018 bytes
->Flash cache emptied: 2347 bytes

User: ggehrau
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 186413655 bytes
->Google Chrome cache emptied: 244449723 bytes
->Flash cache emptied: 1870 bytes

User: mathis
->Temp folder emptied: 35969 bytes
->Temporary Internet Files folder emptied: 1172142 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 401991562 bytes
->Flash cache emptied: 1051 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ugehrau
->Temp folder emptied: 705 bytes
->Temporary Internet Files folder emptied: 367868 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 157005852 bytes
->Flash cache emptied: 8348 bytes

User: uwe
->Temp folder emptied: 5226877 bytes
->Temporary Internet Files folder emptied: 2429249 bytes
->Java cache emptied: 497170 bytes
->FireFox cache emptied: 632349471 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10202 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11988 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 584704 bytes

Total Files Cleaned = 2.197,00 mb

OTL by OldTimer - Version 3.2.35.1 log created on 03052012_203840

Files\Folders moved on Reboot...
C:\Users\uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#########################################################

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
uwe :: ATHOS [Administrator]

Schutz: Aktiviert

05.03.2012 20:47:11
mbam-log-2012-03-05 (20-47-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 286596
Laufzeit: 4 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

########################################################

I have already cleaned up the Java files a bit. I would like to keep the rest. For FF I only need the most recent FF. So you can clean up a bit. Thanks. Regards, robibor |