Log analysis and evaluation: Attention, for security reasons your Windows system has been blocked

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.03.2012, 17:34 | #1 |
Attention, for security reasons your Windows system has been blocked

Hi folks, it looks like I have caught the new trojan too. The standard answers from Google did not help me... The virus appeared yesterday, on 04.03., at about 17:00. I have already scanned my system, and especially the affected user, with Super Antispyware and Malwarebytes Anti-Malware --> without success. Kaspersky's Rescue Disk did not find anything either. I have now created a 2nd user on which I can work without problems... but I would like to have my normal profile back ;-) THX 4 Help !!!

OTL.txt
Code:
OTL logfile created on: 05.03.2012 17:12:18 - Run 4
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\****\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,74% Memory free
15,95 Gb Paging File | 14,28 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 15,17 Gb Free Space | 25,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 109,65 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive M: | 976,56 Gb Total Space | 322,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive N: | 886,45 Gb Total Space | 166,86 Gb Free Space | 18,82% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Pro Gaming Keyboard\traicon.exe () PRC - C:\Program Files (x86)\Pro Gaming Keyboard\Control.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll 
() MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Pro Gaming Keyboard\traicon.exe () MOD - C:\Program Files (x86)\Pro Gaming Keyboard\Control.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - 
(MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office 2011\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (Point64) -- 
C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.) DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.) DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) 
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc) DRV:64bit: - (ElanFltr) -- C:\Windows\SysNative\drivers\ElanFltr.sys (Waytech Development, Inc.) DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.) DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.) DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (Pnp680r) -- C:\Windows\SysNative\drivers\PnP680r.sys (Silicon Image, Inc) DRV - (AntiAries) -- C:\Windows\SysWOW64\drivers\RKL423D.tmp.sys (Lavasoft AB) DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE 
- HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - 
HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 15:04:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.04 17:04:44 | 000,000,000 | ---D | M] [2012.03.05 00:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ABC\AppData\Roaming\mozilla\Extensions [2012.01.18 15:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.14 12:33:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.02.19 15:04:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.13 19:03:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 19:03:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 19:03:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.19 14:20:14 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.02.13 19:03:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 19:03:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 19:03:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.05 16:47:53 | 000,001,250 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost ::1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office 2011\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office 2011\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [K3805] C:\Program Files (x86)\Pro Gaming Keyboard\control.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B287BA6-18B3-4BC8-915E-6E54119C0CDB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office 2011\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.05 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Mozilla [2012.03.05 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Mozilla [2012.03.04 22:22:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\ElevatedDiagnostics [2012.03.04 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\vlc [2012.03.04 20:58:38 | 000,000,000 | --SD | C] -- C:\Users\ABC\Desktop\Microsoft [2012.03.04 17:48:40 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\USB [2012.03.04 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\MP3 Stick [2012.03.04 17:43:42 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Nero_AG [2012.03.04 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Nero [2012.03.04 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Nero [2012.03.04 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.03.04 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.03.04 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\SUPERAntiSpyware.com [2012.03.04 17:20:30 | 013,597,392 | ---- | C] 
(SUPERAntiSpyware.com) -- C:\Users\ABC\Desktop\SUPERAntiSpyware501142.exe [2012.03.04 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Macromedia [2012.03.04 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Adobe [2012.03.04 17:19:44 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Malwarebytes [2012.03.04 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Opera [2012.03.04 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Opera [2012.03.04 17:18:59 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Intel Corporation [2012.03.04 17:18:55 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.03.04 17:18:55 | 000,000,000 | R--D | C] -- C:\Users\ABC\Searches [2012.03.04 17:18:55 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.03.04 17:18:49 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Identities [2012.03.04 17:18:48 | 000,000,000 | R--D | C] -- C:\Users\ABC\Contacts [2012.03.04 17:18:46 | 000,000,000 | --SD | C] -- C:\Users\ABC\AppData\Roaming\Microsoft [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Videos [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Saved Games [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Pictures [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Music [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Links [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Favorites [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Downloads [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Documents [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Desktop [2012.03.04 17:18:46 | 
000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Vorlagen [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\AppData\Local\Verlauf [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\AppData\Local\Temporary Internet Files [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Startmenü [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\SendTo [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Recent [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Netzwerkumgebung [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Lokale Einstellungen [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Documents\Eigene Videos [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Documents\Eigene Musik [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Eigene Dateien [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Documents\Eigene Bilder [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Druckumgebung [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Cookies [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\AppData\Local\Anwendungsdaten [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Anwendungsdaten [2012.03.04 17:18:46 | 000,000,000 | -H-D | C] -- C:\Users\ABC\AppData [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Temp [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Microsoft Help [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Microsoft [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Media Center Programs [2012.03.04 16:58:10 | 000,007,680 | ---- | C] (Lavasoft AB) -- C:\Windows\SysWow64\drivers\RKL423D.tmp.sys [2012.03.04 16:56:41 | 000,000,000 | ---D | C] -- 
C:\ProgramData\SUPERAntiSpyware.com [2012.02.20 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.02.20 20:19:25 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.02.17 17:08:27 | 000,031,744 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\lgandadb.sys [2012.02.17 17:08:26 | 000,034,304 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandmodem64.sys [2012.02.17 17:08:26 | 000,027,648 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lganddiag64.sys [2012.02.17 17:08:26 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandgps64.sys [2012.02.17 17:08:26 | 000,019,456 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandbus64.sys [2012.02.17 17:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV [2012.02.17 17:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.02.17 16:58:50 | 000,000,000 | ---D | C] -- C:\LGP990 [2012.02.17 16:58:23 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll [2012.02.17 16:58:23 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll [2012.02.17 16:58:23 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcm90.dll [2012.02.17 16:58:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll [2012.02.17 16:58:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll [2012.02.17 16:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool [2012.02.17 16:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX [2012.02.17 16:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2012.02.17 16:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 
[2012.02.16 23:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.02.16 23:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.02.16 19:09:07 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.16 19:09:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.16 19:09:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.02.16 19:09:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.02.16 19:08:57 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.02.16 19:08:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.16 19:08:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.16 19:08:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.16 19:08:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.16 19:08:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.16 19:08:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.05 13:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software [2012.02.05 13:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MOUSE Editor [2012.02.04 23:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HP ========== Files - Modified Within 30 Days ========== [2012.03.05 17:11:15 | 001,513,634 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.05 17:11:15 | 000,659,538 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.05 17:11:15 | 000,620,814 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.05 17:11:15 | 
000,131,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.05 17:11:15 | 000,108,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.05 17:10:20 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.03.05 17:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.05 07:25:12 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.05 07:25:12 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.05 00:39:41 | 000,001,150 | ---- | M] () -- C:\Users\ABC\Desktop\Mozilla Firefox.lnk [2012.03.04 22:21:37 | 000,000,521 | ---- | M] () -- C:\Users\ABC\Desktop\Netzwerk- und Freigabecenter - Verknüpfung.lnk [2012.03.04 17:44:13 | 259,418,112 | ---- | M] () -- C:\Users\ABC\Desktop\kav_rescue_10.iso [2012.03.04 17:41:48 | 000,387,584 | ---- | M] () -- C:\Users\ABC\Desktop\rescue2usb.exe [2012.03.04 17:21:11 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.04 17:20:52 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.04 17:20:36 | 013,597,392 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\ABC\Desktop\SUPERAntiSpyware501142.exe [2012.03.04 17:18:46 | 000,000,680 | RHS- | M] () -- C:\Users\ABC\ntuser.pol [2012.03.04 16:58:10 | 000,007,680 | ---- | M] (Lavasoft AB) -- C:\Windows\SysWow64\drivers\RKL423D.tmp.sys [2012.02.17 17:03:59 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk [2012.02.17 16:50:48 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.17 16:00:02 | 004,974,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.05 13:59:49 | 000,002,749 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Editor.lnk ========== Files Created - No Company Name ========== [2012.03.05 00:39:41 | 000,001,150 
| ---- | C] () -- C:\Users\ABC\Desktop\Mozilla Firefox.lnk [2012.03.04 22:21:37 | 000,000,521 | ---- | C] () -- C:\Users\ABC\Desktop\Netzwerk- und Freigabecenter - Verknüpfung.lnk [2012.03.04 17:41:47 | 000,387,584 | ---- | C] () -- C:\Users\ABC\Desktop\rescue2usb.exe [2012.03.04 17:41:22 | 259,418,112 | ---- | C] () -- C:\Users\ABC\Desktop\kav_rescue_10.iso [2012.03.04 17:21:11 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.04 17:20:52 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.04 17:18:56 | 000,001,410 | ---- | C] () -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.03.04 17:18:55 | 000,001,444 | ---- | C] () -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.03.04 17:18:46 | 000,000,680 | RHS- | C] () -- C:\Users\ABC\ntuser.pol [2012.02.17 17:03:59 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk [2012.02.17 16:58:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.02.17 16:58:15 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.02.05 13:59:49 | 000,002,749 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Editor.lnk [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.10.24 15:38:13 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI [2011.10.24 14:24:30 | 000,075,844 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.09.05 16:26:54 | 000,000,264 | ---- | C] () -- C:\Windows\game.ini [2011.08.13 
18:26:51 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.13 17:42:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.13 17:28:31 | 000,030,063 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.08.13 17:25:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.13 17:25:49 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

< End of report >

Extras.txt
Code:
OTL Extras logfile created on: 05.03.2012 17:12:18 - Run 4
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\ABC\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,74% Memory free
15,95 Gb Paging File | 14,28 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 15,17 Gb Free Space | 25,48% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 109,65 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive M: | 976,56 Gb Total Space | 322,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive N: | 886,45 Gb Total Space | 166,86 Gb Free Space | 18,82% Space Free | Partition Type: NTFS

Computer Name: WIEST | User Name: ABC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) 
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit) "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "Speccy" = Speccy "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{04077D50-954B-4365-84BF-02DE4702BA00}" = Pro Gaming Keyboard "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver 
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}" = NSU "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft 
Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{F021D637-BBDA-486B-96F0-225B62596C3B}" = Nero 11 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = 
Realtek High Definition Audio Driver "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.2 "DAEMON Tools Lite" = DAEMON Tools Lite "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "FlatOut 3 (c) Strategy First_is1" = FlatOut 3 (c) Strategy First version 1 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "Garena" = Garena "InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "LG PC Suite IV" = LG PC Suite IV "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 11.60.1185" = Opera 11.60 "Origin" = Origin "Precision" = EVGA Precision 2.0.4 "RouterControl" = RouterControl 2.0 "SpeedFan" = SpeedFan (remove only) "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "Steam App 10" = Counter-Strike "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern 
Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "TmNationsForever_is1" = TmNationsForever "VLC media player" = VLC media player 1.1.11 "Warcraft III" = Warcraft III "Winamp" = Winamp ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.03.2012 08:27:50 | Computer Name = Wiest | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 04.03.2012 11:50:04 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 04.03.2012 11:51:07 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 04.03.2012 12:05:45 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 04.03.2012 12:18:39 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 04.03.2012 15:46:54 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 04.03.2012 16:00:23 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 05.03.2012 01:17:29 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 05.03.2012 02:18:09 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 05.03.2012 12:09:57 | Computer Name = Wiest | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) [ System Events ] Error - 30.01.2012 07:37:33 | Computer Name = Wiest | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 30.01.2012 07:37:41 | Computer Name = Wiest | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. 
Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 30.01.2012 07:37:59 | Computer Name = Wiest | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 30.01.2012 09:35:42 | Computer Name = Wiest | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 30.01.2012 09:35:43 | Computer Name = Wiest | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 30.01.2012 09:35:43 | Computer Name = Wiest | Source = Service Control Manager | ID = 7003 Description = Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 30.01.2012 09:35:43 | Computer Name = Wiest | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ntiomin Error - 30.01.2012 09:35:45 | Computer Name = Wiest | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 30.01.2012 09:35:53 | Computer Name = Wiest | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 30.01.2012 09:35:58 | Computer Name = Wiest | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. < End of report > |
05.03.2012, 19:48 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ |
07.03.2012, 21:55 | #3 |
| Malwarebytes Anti-Malware Log:
Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.04.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 ABC :: *befallener User* [Administrator] Schutz: Aktiviert 07.03.2012 21:42:23 mbam-log-2012-03-07 (21-42-23).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 331684 Laufzeit: 7 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 03/07/2012 at 09:46 PM Application Version : 5.0.1144 Core Rules Database Version : 8302 Trace Rules Database Version: 6114 Scan type : Complete Scan Total Scan Time : 00:08:18 Operating System Information Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 581 Memory threats detected : 0 Registry items scanned : 47185 Registry threats detected : 0 File items scanned : 50585 File threats detected : 4 Adware.Tracking Cookie data-ero-advertising.com [ C:\USERS\ABC\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Z3RXCBW5 ] media.adxpansion.com [ C:\USERS\ABC\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Z3RXCBW5 ] stat.easydate.biz [ C:\USERS\ABC\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Z3RXCBW5 ] .doubleclick.net [ C:\USERS\ABC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EVJY7ET5.DEFAULT\COOKIES.SQLITE ]
They say the Trojan sometimes also nests itself in explorer.exe... But if that were the case for me, the 2nd user ABC would be infected too? But it isn't. So for me that means the Trojan must be in the user directory of account 1, where the Trojan appeared. Do you see it that way too? |
07.03.2012, 23:32 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Nobody can help you this way
__________________ Please always post logfiles in CODE tags |
08.03.2012, 18:49 | #5 |
| Ok, that was meant more as a question anyway... I thought the Trojan could only be in the profile, since the 2nd profile still works? Which logs should I post now? Complete scans from all 4? |
08.03.2012, 19:59 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, all logs, or should I rather get all the important information about your computer from the , would you prefer that?
__________________ Edited by cosinus (08.03.2012 at 20:06) |
11.03.2012, 14:38 | #7 |
| Here we go: OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.03.2012 21:12:56 - Run 5 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\ABC\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,58 Gb Available Physical Memory | 69,94% Memory free 15,95 Gb Paging File | 13,60 Gb Available in Paging File | 85,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,53 Gb Total Space | 11,38 Gb Free Space | 19,12% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 108,83 Gb Free Space | 46,73% Space Free | Partition Type: NTFS Drive M: | 976,56 Gb Total Space | 322,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS Drive N: | 886,45 Gb Total Space | 166,86 Gb Free Space | 18,82% Space Free | Partition Type: NTFS Computer Name: **** | User Name: ABC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Users\ABC\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Pro Gaming Keyboard\traicon.exe () PRC - C:\Program Files (x86)\Pro Gaming Keyboard\Control.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\ABC\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Pro Gaming Keyboard\traicon.exe () MOD - C:\Program Files (x86)\Pro Gaming Keyboard\Control.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office 2011\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.) 
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.) DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc) DRV:64bit: - (ElanFltr) -- C:\Windows\SysNative\drivers\ElanFltr.sys (Waytech Development, Inc.) DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.) DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.) DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (Pnp680r) -- C:\Windows\SysNative\drivers\PnP680r.sys (Silicon Image, Inc)
DRV - (AntiAries) -- C:\Windows\SysWOW64\drivers\RKL423D.tmp.sys (Lavasoft AB)
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2345042320-180625349-847000275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-2345042320-180625349-847000275-1001\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-2345042320-180625349-847000275-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2345042320-180625349-847000275-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2345042320-180625349-847000275-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2345042320-180625349-847000275-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.08 15:17:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.08 15:17:11 | 000,000,000 | ---D | M]
[2012.03.05 00:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ABC\AppData\Roaming\mozilla\Extensions
[2012.03.08 14:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ABC\AppData\Roaming\mozilla\Firefox\Profiles\evjy7et5.default\extensions
[2012.03.08 14:59:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ABC\AppData\Roaming\mozilla\Firefox\Profiles\evjy7et5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.18 15:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.05 17:52:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.19 15:04:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.13 19:03:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 19:03:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 19:03:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.19 14:20:14 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.13 19:03:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 19:03:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 19:03:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.01.05 16:47:53 | 000,001,250 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office 2011\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office 2011\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2345042320-180625349-847000275-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [K3805] C:\Program Files (x86)\Pro Gaming Keyboard\control.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2345042320-180625349-847000275-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2345042320-180625349-847000275-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2345042320-180625349-847000275-1004..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2345042320-180625349-847000275-1004..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2345042320-180625349-847000275-1004..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2345042320-180625349-847000275-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2345042320-180625349-847000275-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2345042320-180625349-847000275-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2345042320-180625349-847000275-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office 2011\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office 2011\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office 2011\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B287BA6-18B3-4BC8-915E-6E54119C0CDB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office 2011\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.09 23:42:18 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\Von Slider [2012.03.08 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Adobe [2012.03.08 22:31:41 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Temp [2012.03.08 22:30:08 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\Film Simon [2012.03.08 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\Neuer Ordner [2012.03.08 22:13:29 | 000,000,000 | ---D | C] -- C:\Temp [2012.03.08 22:12:03 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Samsung [2012.03.08 22:12:01 | 000,000,000 | ---D | C] -- C:\Users\ABC\Documents\samsung [2012.03.08 22:12:01 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Samsung [2012.03.08 22:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny [2012.03.08 22:06:28 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Downloaded Installations [2012.03.08 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg [2012.03.08 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg [2012.03.08 18:35:02 | 001,052,672 | ---- 
| C] (CDDB, Inc.) -- C:\Windows\SysWow64\CDDBControl.dll [2012.03.08 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\CrashDumps [2012.03.08 18:24:39 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\NVIDIA [2012.03.08 18:24:30 | 000,000,000 | ---D | C] -- C:\Users\ABC\Documents\Corel VideoStudio Pro [2012.03.08 15:17:37 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Corel [2012.03.08 15:17:36 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Ulead Systems [2012.03.08 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.03.08 15:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate [2012.03.08 15:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc [2012.03.08 15:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software [2012.03.08 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media [2012.03.08 15:17:14 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages [2012.03.08 15:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.03.08 15:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.03.08 15:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.03.08 15:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.03.08 15:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo [2012.03.08 15:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012.03.08 15:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4 [2012.03.08 15:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems [2012.03.08 15:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis [2012.03.08 15:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2012.03.08 15:15:34 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Common Files\Ulead Systems [2012.03.08 15:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components [2012.03.08 15:02:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\DVDVideoSoft_Ltd [2012.03.08 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\DVDVideoSoft [2012.03.05 17:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.05 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.05 17:44:45 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Skype [2012.03.05 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Mozilla [2012.03.05 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Mozilla [2012.03.04 22:22:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\ElevatedDiagnostics [2012.03.04 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\vlc [2012.03.04 20:58:38 | 000,000,000 | --SD | C] -- C:\Users\ABC\Desktop\Microsoft [2012.03.04 17:48:40 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\USB [2012.03.04 17:47:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\Desktop\MP3 Stick [2012.03.04 17:43:42 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Nero_AG [2012.03.04 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Nero [2012.03.04 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Nero [2012.03.04 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.03.04 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.03.04 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\SUPERAntiSpyware.com [2012.03.04 17:20:30 | 013,597,392 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\ABC\Desktop\SUPERAntiSpyware501142.exe [2012.03.04 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Macromedia [2012.03.04 17:20:23 | 
000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Adobe [2012.03.04 17:19:44 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Malwarebytes [2012.03.04 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Opera [2012.03.04 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Opera [2012.03.04 17:18:59 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Intel Corporation [2012.03.04 17:18:55 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.03.04 17:18:55 | 000,000,000 | R--D | C] -- C:\Users\ABC\Searches [2012.03.04 17:18:55 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.03.04 17:18:49 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Identities [2012.03.04 17:18:48 | 000,000,000 | R--D | C] -- C:\Users\ABC\Contacts [2012.03.04 17:18:46 | 000,000,000 | --SD | C] -- C:\Users\ABC\AppData\Roaming\Microsoft [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Videos [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Saved Games [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Pictures [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Music [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Links [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Favorites [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Downloads [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Documents [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\Desktop [2012.03.04 17:18:46 | 000,000,000 | R--D | C] -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Vorlagen [2012.03.04 
17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\AppData\Local\Verlauf [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\AppData\Local\Temporary Internet Files [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Startmenü [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\SendTo [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Recent [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Netzwerkumgebung [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Lokale Einstellungen [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Documents\Eigene Videos [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Documents\Eigene Musik [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Eigene Dateien [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Documents\Eigene Bilder [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Druckumgebung [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Cookies [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\AppData\Local\Anwendungsdaten [2012.03.04 17:18:46 | 000,000,000 | -HSD | C] -- C:\Users\ABC\Anwendungsdaten [2012.03.04 17:18:46 | 000,000,000 | -H-D | C] -- C:\Users\ABC\AppData [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Temp [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Microsoft Help [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Local\Microsoft [2012.03.04 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\ABC\AppData\Roaming\Media Center Programs [2012.03.04 16:58:10 | 000,007,680 | ---- | C] (Lavasoft AB) -- C:\Windows\SysWow64\drivers\RKL423D.tmp.sys [2012.03.04 16:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.02.20 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.02.20 20:19:25 | 003,851,784 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\D3DX9_39.dll [2012.02.17 17:08:27 | 000,031,744 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\lgandadb.sys [2012.02.17 17:08:26 | 000,034,304 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandmodem64.sys [2012.02.17 17:08:26 | 000,027,648 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lganddiag64.sys [2012.02.17 17:08:26 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandgps64.sys [2012.02.17 17:08:26 | 000,019,456 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgandbus64.sys [2012.02.17 17:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV [2012.02.17 17:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.02.17 16:58:50 | 000,000,000 | ---D | C] -- C:\LGP990 [2012.02.17 16:58:23 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll [2012.02.17 16:58:23 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll [2012.02.17 16:58:23 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcm90.dll [2012.02.17 16:58:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll [2012.02.17 16:58:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll [2012.02.17 16:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool [2012.02.17 16:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX [2012.02.17 16:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2012.02.17 16:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.02.16 23:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.02.16 23:15:20 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Microsoft Silverlight [2012.02.16 19:09:07 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.16 19:09:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.16 19:09:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.02.16 19:09:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.02.16 19:08:57 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.02.16 19:08:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.16 19:08:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.16 19:08:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.16 19:08:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.16 19:08:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.16 19:08:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.10 21:13:51 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 21:13:51 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 21:13:49 | 000,001,213 | ---- | M] () -- C:\Users\ABC\Desktop\Desktop - Verknüpfung.lnk [2012.03.10 21:12:54 | 001,513,634 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.10 21:12:54 | 000,659,538 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.10 21:12:54 | 000,620,814 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.10 21:12:54 | 
000,131,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.10 21:12:54 | 000,108,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.10 21:07:49 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.03.10 21:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.10 00:17:13 | 000,124,565 | ---- | M] () -- C:\Users\ABC\Desktop\Retourenlabel2243491.pdf [2012.03.09 23:49:55 | 000,382,976 | ---- | M] () -- C:\Users\ABC\Desktop\Simon.VSP [2012.03.09 19:40:57 | 166,539,060 | ---- | M] () -- C:\Users\ABC\Desktop\Simon test 3.wmv [2012.03.09 12:56:16 | 000,561,109 | ---- | M] () -- C:\Users\ABC\Desktop\MGM_Casino_in_Las_Vegas.jpg [2012.03.09 02:14:57 | 087,733,084 | ---- | M] () -- C:\Users\ABC\Desktop\Simon test 2.wmv [2012.03.08 22:11:59 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.03.08 22:06:12 | 000,001,186 | ---- | M] () -- C:\Users\ABC\Desktop\Downloads - Verknüpfung.lnk [2012.03.08 21:53:59 | 005,585,226 | ---- | M] () -- C:\Users\ABC\Desktop\Simon.test.wmv [2012.03.08 18:38:23 | 005,003,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.08 15:16:42 | 000,000,568 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk [2012.03.07 19:51:44 | 000,001,331 | ---- | M] () -- C:\Users\ABC\Desktop\Gamez - Verknüpfung.lnk [2012.03.05 17:52:08 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.05 00:39:41 | 000,001,150 | ---- | M] () -- C:\Users\ABC\Desktop\Mozilla Firefox.lnk [2012.03.04 22:21:37 | 000,000,521 | ---- | M] () -- C:\Users\ABC\Desktop\Netzwerk- und Freigabecenter - Verknüpfung.lnk [2012.03.04 17:44:13 | 259,418,112 | ---- | M] () -- C:\Users\ABC\Desktop\kav_rescue_10.iso [2012.03.04 17:41:48 | 000,387,584 | ---- | M] () -- C:\Users\ABC\Desktop\rescue2usb.exe [2012.03.04 17:21:11 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.04 17:20:52 | 000,001,114 | ---- | M] 
() -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.04 17:20:36 | 013,597,392 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\ABC\Desktop\SUPERAntiSpyware501142.exe [2012.03.04 17:18:46 | 000,000,680 | RHS- | M] () -- C:\Users\ABC\ntuser.pol [2012.03.04 16:58:10 | 000,007,680 | ---- | M] (Lavasoft AB) -- C:\Windows\SysWow64\drivers\RKL423D.tmp.sys [2012.02.17 17:03:59 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk [2012.02.17 16:50:48 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.10 00:17:12 | 000,124,565 | ---- | C] () -- C:\Users\ABC\Desktop\Retourenlabel2243491.pdf [2012.03.09 19:24:18 | 166,539,060 | ---- | C] () -- C:\Users\ABC\Desktop\Simon test 3.wmv [2012.03.09 19:01:29 | 005,448,184 | ---- | C] () -- C:\Users\ABC\Desktop\Bryan Adams - Here I Am .mp3 [2012.03.09 18:59:36 | 004,466,816 | ---- | C] () -- C:\Users\ABC\Desktop\Bob Marley - Red Red Wine.mp3 [2012.03.09 18:58:11 | 004,036,777 | ---- | C] () -- C:\Users\ABC\Desktop\Laserkraft_3d_-_Nein_Mann_Official_Music_Video.mp3 [2012.03.09 18:57:42 | 003,682,348 | ---- | C] () -- C:\Users\ABC\Desktop\Owl_City_-_Fireflies_with_Lyrics.mp3 [2012.03.09 12:56:16 | 000,561,109 | ---- | C] () -- C:\Users\ABC\Desktop\MGM_Casino_in_Las_Vegas.jpg [2012.03.09 12:30:02 | 005,970,924 | ---- | C] () -- C:\Users\ABC\Desktop\Pharoahe Monch - Simon Says Get The Fuck Up.mp3 [2012.03.09 02:02:50 | 087,733,084 | ---- | C] () -- C:\Users\ABC\Desktop\Simon test 2.wmv [2012.03.09 00:01:14 | 000,382,976 | ---- | C] () -- C:\Users\ABC\Desktop\Simon.VSP [2012.03.08 22:11:59 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012.03.08 22:06:12 | 000,001,186 | ---- | C] () -- C:\Users\ABC\Desktop\Downloads - Verknüpfung.lnk [2012.03.08 21:53:07 | 005,585,226 | ---- | C] () -- C:\Users\ABC\Desktop\Simon.test.wmv [2012.03.08 15:16:42 | 
000,000,568 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk [2012.03.07 19:51:48 | 000,000,210 | ---- | C] () -- C:\Users\ABC\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2012.03.07 19:51:44 | 000,001,331 | ---- | C] () -- C:\Users\ABC\Desktop\Gamez - Verknüpfung.lnk [2012.03.05 17:44:44 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.05 00:39:41 | 000,001,150 | ---- | C] () -- C:\Users\ABC\Desktop\Mozilla Firefox.lnk [2012.03.04 22:21:37 | 000,000,521 | ---- | C] () -- C:\Users\ABC\Desktop\Netzwerk- und Freigabecenter - Verknüpfung.lnk [2012.03.04 17:41:47 | 000,387,584 | ---- | C] () -- C:\Users\ABC\Desktop\rescue2usb.exe [2012.03.04 17:41:22 | 259,418,112 | ---- | C] () -- C:\Users\ABC\Desktop\kav_rescue_10.iso [2012.03.04 17:21:11 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.04 17:20:52 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.04 17:18:56 | 000,001,410 | ---- | C] () -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.03.04 17:18:55 | 000,001,444 | ---- | C] () -- C:\Users\ABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.03.04 17:18:46 | 000,000,680 | RHS- | C] () -- C:\Users\ABC\ntuser.pol [2012.02.17 17:03:59 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk [2012.02.17 16:58:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.02.17 16:58:15 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- 
C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.24 15:38:13 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI
[2011.10.24 14:24:30 | 000,075,844 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.05 16:26:54 | 000,000,264 | ---- | C] () -- C:\Windows\game.ini
[2011.08.13 18:26:51 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.13 17:42:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.13 17:28:31 | 000,030,063 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.08.13 17:25:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.13 17:25:49 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

< End of report >

Extras OTL Logfile:
Code:
OTL Extras logfile created on: 10.03.2012 21:12:56 - Run 5
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\ABC\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,58 Gb Available Physical Memory | 69,94% Memory free
15,95 Gb Paging File | 13,60 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 11,38 Gb Free Space | 19,12% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 108,83 Gb Free Space | 46,73% Space Free | Partition Type: NTFS
Drive M: | 976,56 Gb Total Space | 322,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive N: | 886,45 Gb Total Space | 166,86 Gb Free Space | 18,82% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: ABC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office 2011\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) 
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit) "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components 
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "Speccy" = Speccy "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4 "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{04077D50-954B-4365-84BF-02DE4702BA00}" = Pro Gaming Keyboard "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE 
Editor "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}" = NSU "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime 
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 
1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share "{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO "{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common "{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = 
Microsoft_VC80_MFC_x86 "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection "{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM "{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F021D637-BBDA-486B-96F0-225B62596C3B}" = Nero 11 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.2 "DAEMON Tools Lite" = DAEMON Tools Lite "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "FlatOut 3 (c) Strategy First_is1" = FlatOut 3 (c) Strategy First version 1 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "Garena" = Garena "InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = 
SmartSound Quicktracks 5 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "LG PC Suite IV" = LG PC Suite IV "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 11.61.1250" = Opera 11.61 "Origin" = Origin "Precision" = EVGA Precision 2.0.4 "RouterControl" = RouterControl 2.0 "SpeedFan" = SpeedFan (remove only) "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "Steam App 10" = Counter-Strike "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "TmNationsForever_is1" = TmNationsForever "VLC media player" = VLC media player 1.1.11 "Warcraft III" = Warcraft III "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2345042320-180625349-847000275-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.03.2012 19:13:05 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vstudio.exe, Version: 14.0.0.0, Zeitstempel: 
0x4d242e0d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc015000f Fehleroffset: 0x000847db ID des fehlerhaften Prozesses: 0x1198 Startzeit der fehlerhaften Anwendung: 0x01ccfd80d95d80f4 Pfad der fehlerhaften Anwendung: D:\Corel VideoStudio Pro X4\vstudio.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 421ee01a-6974-11e1-a317-f46d04e5aeee Error - 08.03.2012 19:44:06 | Computer Name = **** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vstudio.exe, Version: 14.0.0.0, Zeitstempel: 0x4d242e0d Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003afb8 ID des fehlerhaften Prozesses: 0xd78 Startzeit der fehlerhaften Anwendung: 0x01ccfd81069ca7bf Pfad der fehlerhaften Anwendung: D:\Corel VideoStudio Pro X4\vstudio.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: 97924381-6978-11e1-a317-f46d04e5aeee Error - 09.03.2012 06:31:07 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 09.03.2012 08:34:29 | Computer Name = **** | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. 
Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 09.03.2012 09:06:57 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 09.03.2012 10:11:42 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 09.03.2012 10:14:10 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 09.03.2012 11:56:36 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 09.03.2012 18:18:31 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 10.03.2012 16:06:48 | Computer Name = **** | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

[ System Events ]
Error - 30.01.2012 09:35:45 | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 30.01.2012 09:35:53 | Computer Name = **** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 30.01.2012 09:35:58 | Computer Name = **** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error - 30.01.2012 16:02:17 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 30.01.2012 16:02:18 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 30.01.2012 16:02:18 | Computer Name = **** | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 30.01.2012 16:02:18 | Computer Name = **** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ntiomin

Error - 30.01.2012 16:02:20 | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 30.01.2012 16:02:28 | Computer Name = **** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 30.01.2012 16:02:35 | Computer Name = **** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

< End of report > |
11.03.2012, 14:40 | #8 |
| SUPERAntiSpyware Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/10/2012 at 09:52 PM
Application Version : 5.0.1144
Core Rules Database Version : 8302
Trace Rules Database Version: 6114
Scan type : Complete Scan
Total Scan Time : 00:42:58
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 47556
Registry threats detected : 0
File items scanned : 106171
File threats detected : 158
Adware.Tracking Cookie
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ABC :: **** [Administrator]
Schutz: Aktiviert
10.03.2012 21:09:04
mbam-log-2012-03-10 (21-09-04).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 554569
Laufzeit: 47 Minute(n), 45 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
12.03.2012, 15:05 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes in the past? If so, the logs for every scan are listed under the "Logdateien" (log files) tab. Please post all of the ones that are visible there.
__________________ Please always post logfiles in CODE tags |