| |
| |||||||
Log-Analyse und Auswertung: Windows Security Center - Achtung! Ihr Computer wurde gesperrt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.03.2012, 17:03
| #16 |
 |  Windows Security Center - Achtung! Ihr Computer wurde gesperrt! Zu 9) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/23/2012 at 04:24 PM
Application Version : 5.0.1146
Core Rules Database Version : 8371
Trace Rules Database Version: 6183
Scan type : Complete Scan
Total Scan Time : 04:09:39
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 746
Memory threats detected : 0
Registry items scanned : 68693
Registry threats detected : 0
File items scanned : 138581
File threats detected : 19
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\G4QAJZKL.txt [ /doubleclick.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EW6FPLPI.txt [ /revsci.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1MM4XO7W.txt [ /ad1.adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BBDAO8Z1.txt [ /adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\RJVXY6W2.txt [ /apmebf.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\7C7KIL7Y.txt [ /2o7.net ]
C:\USERS\***\Cookies\G4QAJZKL.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\Cookies\BBDAO8Z1.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\Cookies\RJVXY6W2.txt [ Cookie:***@apmebf.com/ ]
C:\USERS\***\Cookies\7C7KIL7Y.txt [ Cookie:***@2o7.net/ ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EP1LZ6R2.txt [ /serving-sys.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4MCO3P5E.txt [ /ad.yieldmanager.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\X5E9X8OB.txt [ /revsci.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\31ESH0K8.txt [ /adform.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9HDFLK3I.txt [ /eas.apm.emediate.eu ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BSHUMFGT.txt [ /track.adform.net ]
C:\USERS\***\Cookies\EP1LZ6R2.txt [ Cookie:***@serving-sys.com/ ]
C:\USERS\***\Cookies\4MCO3P5E.txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\Cookies\BSHUMFGT.txt [ Cookie:***@track.adform.net/ ]
Code:
ATTFilter C:\Users\***\Desktop\Downloads\Microsoft.Office.Professional.Plus.2010.x86.SP1.VL.German-Madmax\MadmaxO1086SP1.iso Win32/HackKMS.C application deleted - quarantined
C:\_OTL\MovedFiles\03222012_151840\C_Users\***\AppData\Local\6e779b50\U\800000cb.@ Win64/Sirefef.M trojan cleaned by deleting - quarantined
|
|
23.03.2012, 23:40
| #17 |
| | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! Zu 12)
__________________Code:
ATTFilter OTL logfile created on: 23.03.2012 23:28:47 - Run 5 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,24% Memory free 6,30 Gb Paging File | 4,21 Gb Available in Paging File | 66,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 14,21 Gb Free Space | 4,99% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Drive E: | 566,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 931,51 Gb Total Space | 0,52 Gb Free Space | 0,06% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.14 04:55:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.08 17:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.11.22 13:16:56 | 038,907,216 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe PRC - [2011.11.22 12:55:04 | 001,782,272 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\System_APP_Monitoring.exe PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011.06.28 13:17:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 21:10:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.05 13:20:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.07.24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.07.23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.02.17 05:49:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll MOD - [2012.02.17 05:48:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.17 05:48:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.17 05:48:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.11.22 13:16:56 | 038,907,216 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe MOD - [2011.11.22 12:55:32 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\PasteAsImage\PasteAsImage.dll MOD - [2011.11.22 12:55:24 | 000,681,472 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\PasteAsText\PasteAsText.dll MOD - [2011.11.22 12:55:22 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\Twitter\SharePlugin.dll MOD - [2011.11.22 12:55:22 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\Flickr\SharePlugin.dll MOD - [2011.11.22 12:55:22 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\Facebook\SharePlugin.dll MOD - [2011.11.22 12:55:04 | 001,782,272 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\System_APP_Monitoring.exe MOD - [2011.11.22 12:54:50 | 000,094,720 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\WinMail\WinMail.dll MOD - [2011.11.22 12:54:40 | 001,106,432 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\Ocr_LIB.dll MOD - [2011.11.22 12:53:06 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\App_LIB_ComponentConnection.dll MOD - [2011.11.22 12:49:56 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\App_LIB_XLogger.dll MOD - [2011.10.13 20:21:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.10.04 13:30:50 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\libsvm.dll MOD - [2011.08.30 16:43:18 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\DLL_OvtApi.dll MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011.06.24 14:59:10 | 002,293,248 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtCore4.dll MOD - [2011.06.08 12:25:16 | 001,927,680 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\isam.dll MOD - [2011.06.08 12:25:14 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\OVBaseIF.dll MOD - [2011.06.08 12:25:14 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\DXCore.dll MOD - [2011.06.08 12:25:14 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\SCCBCore.dll MOD - [2011.03.30 11:49:10 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qico4.dll MOD - [2011.03.30 11:49:02 | 000,284,672 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qtiff4.dll MOD - [2011.03.30 11:48:46 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qsvg4.dll MOD - [2011.03.30 11:48:38 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qmng4.dll MOD - [2011.03.30 11:48:22 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qgif4.dll MOD - [2011.03.30 11:48:14 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qjpeg4.dll MOD - [2011.03.30 11:40:12 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtWebKit4.dll MOD - [2011.03.30 08:34:20 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtSvg4.dll MOD - [2011.03.30 08:31:28 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\phonon4.dll MOD - [2011.03.30 08:24:18 | 000,697,856 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtOpenGL4.dll MOD - [2011.03.30 08:16:34 | 008,173,568 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtGui4.dll MOD - [2011.03.30 07:59:26 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtNetwork4.dll MOD - [2011.03.30 07:57:58 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtXml4.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.06.04 20:00:28 | 000,004,608 | ---- | M] () -- C:\Windows\SysWOW64\zipfldra.dll MOD - [2009.07.24 18:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll MOD - [2009.07.24 18:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll MOD - [2009.07.24 18:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll MOD - [2009.07.23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2012.02.23 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.06.28 13:17:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 21:10:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.10 14:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011.06.28 13:17:19 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 13:17:19 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.26 20:49:28 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.05.18 19:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.09.22 01:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009.07.08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus) DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/ IE - HKCU\..\SearchScopes,DefaultScope = {F8D81E60-73A0-4D9D-A665-238254E226E4} IE - HKCU\..\SearchScopes\{F8D81E60-73A0-4D9D-A665-238254E226E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_deDE392 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.03.22 15:19:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found. O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk = C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1003CBEC-F7D5-466D-B0DF-23B5A3219CAA}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7970C-4514-485A-9B59-A6C32002E811}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD92F0B3-F6AE-42E5-A2EB-250EB86FA7E6}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20 - AppInit_DLLs: (zipfldra.dll) - C:\Windows\SysWow64\zipfldra.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.27 04:38:16 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.23 23:28:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OTL [2012.03.23 17:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.23 16:08:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ringe_31 [2012.03.23 16:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hose [2012.03.23 12:13:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2012.03.23 12:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.03.23 12:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.03.23 12:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.03.22 15:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.22 15:39:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.03.22 15:39:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.03.22 15:39:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.03.20 16:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.20 16:24:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.20 16:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.20 15:47:26 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.19 23:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.03.19 23:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.03.19 21:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.03.19 21:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.03.16 21:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY [2012.03.16 21:03:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ABBYY [2012.03.16 21:03:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ABBYY [2012.03.16 21:02:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LG Electronics [2012.03.16 21:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Mouse Scanner [2012.03.16 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Mouse Scanner [2012.03.15 03:04:02 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.03.15 03:04:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.15 03:04:00 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.14 13:47:02 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.14 13:38:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.14 13:38:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.14 13:38:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.14 13:38:33 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.14 13:38:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.14 04:55:55 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.14 02:22:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.14 02:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.14 02:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012.03.14 02:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.03.10 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ringe_32 [2012.03.08 01:00:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Unsortiert [2012.03.05 19:04:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero [2012.03.05 18:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.03.05 18:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.03.05 18:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.03.05 18:44:41 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys [2012.03.05 18:44:37 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys [2012.03.05 18:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.03.05 18:43:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2012.03.05 18:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2012.02.27 19:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\StreamTransport [2012.02.25 01:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone [2012.02.25 01:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone [2012.02.25 01:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone [2012.02.23 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\2K Games [2012.02.23 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.02.23 21:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.02.23 19:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.02.23 19:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared ========== Files - Modified Within 30 Days ========== [2012.03.23 23:27:50 | 001,521,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.23 23:27:50 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.23 23:27:50 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.23 23:27:50 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.23 23:27:50 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.23 17:00:33 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.23 17:00:33 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.23 16:51:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.23 16:51:34 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2012.03.23 14:29:10 | 000,806,930 | ---- | M] () -- C:\Users\***\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf [2012.03.23 12:14:10 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.23 01:22:32 | 002,328,170 | ---- | M] () -- C:\Users\***\Desktop\strassenauszucker5.pdf [2012.03.23 00:34:37 | 003,033,723 | ---- | M] () -- C:\Users\***\Desktop\strassenauszucker6.pdf [2012.03.22 15:38:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.03.22 15:38:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.03.22 15:38:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.03.22 15:38:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.03.22 15:19:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012.03.20 16:24:22 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.20 16:20:07 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.03.20 15:39:34 | 001,058,257 | ---- | M] () -- C:\Users\***\Desktop\Sinnkonstitution_und_Geltungsrechtfertigung._Wibke_Petras.[1].pdf [2012.03.17 20:13:56 | 000,059,469 | ---- | M] () -- C:\Users\***\Desktop\JP-DvL-12-presstext-de.pdf [2012.03.16 21:40:42 | 036,630,016 | ---- | M] () -- C:\Users\***\Desktop\Waldenfels - Sinne und Künste im Wechselspiel.mp3 [2012.03.16 21:11:50 | 000,001,806 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk [2012.03.15 09:51:30 | 004,996,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.14 04:55:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.05 18:30:55 | 000,000,034 | ---- | M] () -- C:\Windows\DTLite.INI ========== Files Created - No Company Name ========== [2012.03.23 14:29:09 | 000,806,930 | ---- | C] () -- C:\Users\***\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf [2012.03.23 12:13:20 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.23 01:22:29 | 002,328,170 | ---- | C] () -- C:\Users\***\Desktop\strassenauszucker5.pdf [2012.03.23 00:34:35 | 003,033,723 | ---- | C] () -- C:\Users\***\Desktop\strassenauszucker6.pdf [2012.03.20 16:24:22 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.20 16:20:06 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.03.20 15:39:34 | 001,058,257 | ---- | C] () -- C:\Users\***\Desktop\Sinnkonstitution_und_Geltungsrechtfertigung._Wibke_Petras.[1].pdf [2012.03.17 20:13:56 | 000,059,469 | ---- | C] () -- C:\Users\***\Desktop\JP-DvL-12-presstext-de.pdf [2012.03.16 21:40:32 | 036,630,016 | ---- | C] () -- C:\Users\***\Desktop\Waldenfels - Sinne und Künste im Wechselspiel.mp3 [2012.03.16 21:11:50 | 000,001,806 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk [2012.03.05 18:30:55 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI [2012.02.23 21:23:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2012.02.16 00:35:20 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.02.16 00:35:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.01.17 09:17:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B9A2CC7C-E572-4C7E-9A7C-573B0FF0BEFE} [2012.01.12 23:16:57 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.04 13:14:00 | 000,038,432 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.12.04 13:13:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2011.12.04 13:12:50 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.09.28 22:18:53 | 000,000,055 | ---- | C] () -- C:\Users\***\AppData\Roaming\Win-HaBu.ini [2011.08.04 01:00:59 | 000,218,374 | ---- | C] () -- C:\Windows\hpoins39.dat.temp [2011.08.04 01:00:59 | 000,000,629 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp [2011.08.03 15:25:33 | 000,000,298 | ---- | C] () -- C:\Windows\Clony2.ini [2011.07.15 16:24:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys [2011.07.15 16:24:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys [2011.05.26 20:35:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2011.03.23 02:27:53 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini [2011.02.19 12:19:00 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.01.28 05:23:15 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\AVLibrary.dll [2011.01.08 23:44:42 | 000,000,138 | ---- | C] () -- C:\Windows\trsubreader.INI [2010.12.19 17:03:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.09.19 14:06:27 | 000,302,592 | ---- | C] () -- C:\Windows\mauninst.exe [2010.07.08 21:18:44 | 000,209,177 | ---- | C] () -- C:\Windows\hpoins39.dat [2010.06.08 12:33:30 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe [2010.06.08 12:26:36 | 000,000,195 | ---- | C] () -- C:\Windows\IfoEdit.INI [2010.06.07 07:59:12 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2010.06.04 20:00:28 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\zipfldra.dll [2010.06.02 16:27:59 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.17 15:23:34 | 000,010,752 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.20 18:40:35 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll [2010.04.20 18:40:35 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.04.15 15:35:48 | 003,198,860 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.JPG [2010.04.15 15:35:46 | 003,088,891 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.0 [2010.04.13 15:14:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== LOP Check ========== [2011.12.23 17:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2010.04.15 12:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2010.11.30 20:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.03.22 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent [2011.07.22 11:23:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\biu software [2011.01.08 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boilsoft [2011.05.31 20:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2012.03.22 15:40:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.02.23 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2011.02.16 02:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL [2010.12.20 14:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileMaker [2011.09.24 03:30:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC [2011.04.08 19:16:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2010.06.08 10:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImTOO [2011.03.25 04:02:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iSilo [2010.07.28 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.12.23 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOVAVI [2011.09.23 13:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2011.04.13 19:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2011.08.14 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex [2011.10.03 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pogo [2011.08.03 15:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2011.01.26 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2011.08.05 23:06:13 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10 [2011.08.13 15:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2011.10.03 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2010.04.13 15:14:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs [2012.03.22 15:06:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.03.2012 23:28:47 - Run 5
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,24% Memory free
6,30 Gb Paging File | 4,21 Gb Available in Paging File | 66,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 14,21 Gb Free Space | 4,99% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive E: | 566,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 0,52 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Proxy1984\Proxy1984.exe" = C:\Program Files (x86)\Proxy1984\Proxy1984.exe:*:Enabled:Inkognito -- (SRWare)
"C:\Program Files (x86)\Proxy1984\Proxy1984.exe" = C:\Program Files (x86)\Proxy1984\Proxy1984.exe:*:Enabled:Inkognito -- (SRWare)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3A634415-DE75-4433-B9AB-5171A2BAFF37}" = Classic Shell
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{79A72AAD-7ED4-49D8-872D-D1465061F9DB}" = HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{601F2C04-4E0A-464F-B9FE-4FD140098E21}" = PS_AIO_06_B109n-z_SW_Min
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97821186-7938-4FC5-9171-8B508D6DE35A}" = LG Mouse Scanner
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B132E67C-EEA5-492B-B368-543CD88D8569}" = AnyDVD Registration
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B66222B3-1D51-412C-80B7-E335C2C78EA3}" = calibre
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F428DC33-C0E4-40A8-BFC3-B59957F86FE0}" = B109n-z
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"D - metallbaupraxis 2010.2 (September)_is1" = D - metallbaupraxis 2010.2 (September)
"Digitale Bibliothek 5" = Digitale Bibliothek 5
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Monopoly Deluxe" = Monopoly Deluxe
"Morphine" = Morphine
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"ReNamer_is1" = ReNamer
"Soulseek2" = SoulSeek 157 NS 13e
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
23.03.2012, 23:54
| #18 |
| | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! Folgende Probleme treten weiterhin auf: Windows Firewall kann nicht aktiviert werden: "Einige der Einstellungen können von der Windows Firewall nicht geändert werden. Fehlercode 0x80070424. Habe ein Bild angehängt.
__________________Weiteres Problem: Auf meiner Festplatte (auch der externen) sind plötzlich Ordner aufgetaucht mit einem Schloss dran. Diese Ordner können nicht gelöscht werden..? Habe ein Bild angehängt. |
|
24.03.2012, 09:01
| #19 | |||
| /// Helfer-Team    | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! wie soll man Dir helfen, wenn Du "solche Müll" auf dein Rechner hast?!  1. AnyDVD SlySoft - Zur Info:<- "Hacker-Tools" hast Du das Progi AnyDVD aus "unsichere Quelle" installiert? 2. Code:
ATTFilter BitTorrent
Zitat:
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!  Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen! 3. bewußt verwendest? eins muss ich Dir sagen und kannst mir glauben: Anonymität existiert im Internet nicht! Zitat:
Gehe in den abgesicherten Modus ♦ Drücke bevor das Windows-Logo erscheint, mehrmals die F8-Taste. ♦ Wähle in der Liste, die nun erscheint, den abgesicherten Modus aus. 5. Zitat:
Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.faz.net/
IE - HKCU\..\SearchScopes,DefaultScope = {F8D81E60-73A0-4D9D-A665-238254E226E4}
IE - HKCU\..\SearchScopes\{F8D81E60-73A0-4D9D-A665-238254E226E4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_deDE392
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O20 - AppInit_DLLs: (zipfldra.dll) - C:\Windows\SysWow64\zipfldra.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.27 04:38:16 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
:Files
C:\Windows\SysWow64\zipfldra.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
6. starte im normalen Modus jetzt auf 7. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
24.03.2012, 12:53
| #20 |
| | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! zu 5) Was meinst du genau damit? "Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!" Sprichst du von dem Logfile bzw. den Logfiles (OTL und Extra), die nach dem Scan erstellt wurden? Was haben die mit dem Fix zu tun? Die werden aber nicht mit in den Kasten kopiert, sondern nur das Script, oder? Das kam bei raus: Code:
ATTFilter All processes killed
Error: Unable to interpret <:OTL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/ IE - HKCU\..\SearchScopes,DefaultScope = {F8D81E60-73A0-4D9D-A665-238254E226E4} IE - HKCU\..\SearchScopes\{F8D81E60-73A0-4D9D-A665-238254E226E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_deDE392 O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found. O4 - HKCU..\Run: [AdobeBridge] File not found O20 - AppInit_DLLs: (zipfldra.dll) - C:\Windows\SysWow64\zipfldra.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.27 04:38:16 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ] :Files C:\Windows\SysWow64\zipfldra.dll ipconfig /flushdns /c :Commands [purity] [emptytemp] > in the current context!
OTL by OldTimer - Version 3.2.36.3 log created on 03242012_124456
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
24.03.2012, 13:03
| #21 |
| | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! zu 7) Code:
ATTFilter OTL logfile created on: 24.03.2012 12:54:37 - Run 6 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,81% Memory free 7,99 Gb Paging File | 5,73 Gb Available in Paging File | 71,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 10,84 Gb Free Space | 3,81% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 0,52 Gb Free Space | 0,06% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.14 04:55:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.08 17:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.11.22 13:16:56 | 038,907,216 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe PRC - [2011.11.22 12:55:04 | 001,782,272 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\System_APP_Monitoring.exe PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011.06.28 13:17:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 21:10:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.05 13:20:07 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.07.24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.07.23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.02.17 05:49:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll MOD - [2012.02.17 05:48:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.17 05:48:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.17 05:48:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011.11.22 13:16:56 | 038,907,216 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe MOD - [2011.11.22 12:55:32 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\PasteAsImage\PasteAsImage.dll MOD - [2011.11.22 12:55:24 | 000,681,472 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\PasteAsText\PasteAsText.dll MOD - [2011.11.22 12:55:22 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\Twitter\SharePlugin.dll MOD - [2011.11.22 12:55:22 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\Flickr\SharePlugin.dll MOD - [2011.11.22 12:55:22 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\Facebook\SharePlugin.dll MOD - [2011.11.22 12:55:04 | 001,782,272 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\System_APP_Monitoring.exe MOD - [2011.11.22 12:54:50 | 000,094,720 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\WinMail\WinMail.dll MOD - [2011.11.22 12:54:40 | 001,106,432 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\Ocr_LIB.dll MOD - [2011.11.22 12:53:06 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\App_LIB_ComponentConnection.dll MOD - [2011.11.22 12:49:56 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\App_LIB_XLogger.dll MOD - [2011.10.13 20:21:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.10.04 13:30:50 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\libsvm.dll MOD - [2011.08.30 16:43:18 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\DLL_OvtApi.dll MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011.06.24 14:59:10 | 002,293,248 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtCore4.dll MOD - [2011.06.08 12:25:16 | 001,927,680 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\isam.dll MOD - [2011.06.08 12:25:14 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\OVBaseIF.dll MOD - [2011.06.08 12:25:14 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\DXCore.dll MOD - [2011.06.08 12:25:14 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\SCCBCore.dll MOD - [2011.03.30 11:49:10 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qico4.dll MOD - [2011.03.30 11:49:02 | 000,284,672 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qtiff4.dll MOD - [2011.03.30 11:48:46 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qsvg4.dll MOD - [2011.03.30 11:48:38 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qmng4.dll MOD - [2011.03.30 11:48:22 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qgif4.dll MOD - [2011.03.30 11:48:14 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\plugins\imageformats\qjpeg4.dll MOD - [2011.03.30 11:40:12 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtWebKit4.dll MOD - [2011.03.30 08:34:20 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtSvg4.dll MOD - [2011.03.30 08:31:28 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\phonon4.dll MOD - [2011.03.30 08:24:18 | 000,697,856 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtOpenGL4.dll MOD - [2011.03.30 08:16:34 | 008,173,568 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtGui4.dll MOD - [2011.03.30 07:59:26 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtNetwork4.dll MOD - [2011.03.30 07:57:58 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\LG Mouse Scanner\QtXml4.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.06.04 20:00:28 | 000,004,608 | ---- | M] () -- C:\Windows\SysWOW64\zipfldra.dll MOD - [2009.07.24 18:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll MOD - [2009.07.24 18:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll MOD - [2009.07.24 18:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll MOD - [2009.07.23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2012.02.23 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.06.28 13:17:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 21:10:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.10 14:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011.06.28 13:17:19 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 13:17:19 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.26 20:49:28 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.05.18 19:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.09.22 01:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009.07.08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus) DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/ IE - HKCU\..\SearchScopes,DefaultScope = {F8D81E60-73A0-4D9D-A665-238254E226E4} IE - HKCU\..\SearchScopes\{F8D81E60-73A0-4D9D-A665-238254E226E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_deDE392 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.03.22 15:19:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found. O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk = C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1003CBEC-F7D5-466D-B0DF-23B5A3219CAA}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7970C-4514-485A-9B59-A6C32002E811}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD92F0B3-F6AE-42E5-A2EB-250EB86FA7E6}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20 - AppInit_DLLs: (zipfldra.dll) - C:\Windows\SysWow64\zipfldra.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.23 23:28:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OTL [2012.03.23 17:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.23 16:08:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ringe_31 [2012.03.23 16:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hose [2012.03.23 12:13:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2012.03.23 12:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.03.23 12:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.03.23 12:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.03.22 15:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.22 15:39:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.03.22 15:39:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.03.22 15:39:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.03.20 16:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.20 16:24:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.20 16:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.20 15:47:26 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.19 23:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.03.19 23:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.03.19 21:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.03.19 21:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.03.16 21:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY [2012.03.16 21:03:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ABBYY [2012.03.16 21:03:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ABBYY [2012.03.16 21:02:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LG Electronics [2012.03.16 21:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Mouse Scanner [2012.03.16 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Mouse Scanner [2012.03.15 03:04:02 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.03.15 03:04:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.15 03:04:00 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.14 13:47:02 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.14 13:38:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.14 13:38:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.14 13:38:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.14 13:38:33 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.14 13:38:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.14 04:55:55 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.14 02:22:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.14 02:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.14 02:16:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012.03.14 02:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.03.10 19:23:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ringe_32 [2012.03.08 01:00:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Unsortiert [2012.03.05 19:04:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero [2012.03.05 18:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.03.05 18:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.03.05 18:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.03.05 18:44:41 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys [2012.03.05 18:44:37 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys [2012.03.05 18:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.03.05 18:43:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2012.03.05 18:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2012.02.27 19:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\StreamTransport [2012.02.25 01:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone [2012.02.25 01:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone [2012.02.25 01:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone [2012.02.23 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\2K Games [2012.02.23 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.02.23 21:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.02.23 19:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.02.23 19:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared ========== Files - Modified Within 30 Days ========== [2012.03.24 12:54:45 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 12:54:45 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 12:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.24 12:45:44 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2012.03.24 12:44:30 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$kument.rtf [2012.03.24 12:43:59 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$kument.odt [2012.03.24 11:48:47 | 000,003,140 | ---- | M] () -- C:\Users\***\Desktop\Dokument.odt [2012.03.24 11:48:42 | 000,001,660 | ---- | M] () -- C:\Users\***\Desktop\Dokument.rtf [2012.03.24 04:17:51 | 000,001,808 | ---- | M] () -- C:\Users\***\Desktop\Liessmann, Phil. der modernen Kunst WS10 - Verknüpfung.lnk [2012.03.24 04:14:46 | 085,929,481 | ---- | M] () -- C:\Users\***\Desktop\Antiakademisches Philosophieren 2.mp3 [2012.03.24 04:14:26 | 084,419,812 | ---- | M] () -- C:\Users\***\Desktop\Antiakademisches Philosophieren 1.mp3 [2012.03.24 04:11:55 | 056,807,783 | ---- | M] () -- C:\Users\***\Desktop\Der Zwang.mp3 [2012.03.24 04:09:57 | 054,775,479 | ---- | M] () -- C:\Users\***\Desktop\Deleuze. Eine Philosophie der Begriffe 2.mp3 [2012.03.24 04:09:10 | 053,688,785 | ---- | M] () -- C:\Users\***\Desktop\Deleuze. Eine Philosophie der Begriffe 1.mp3 [2012.03.24 04:06:17 | 000,001,285 | ---- | M] () -- C:\Users\***\Desktop\Gilles Deleuze - Verknüpfung.lnk [2012.03.24 01:54:09 | 000,030,458 | ---- | M] () -- C:\Users\***\Desktop\Lieber Martin.jpg [2012.03.23 23:27:50 | 001,521,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.23 23:27:50 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.23 23:27:50 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.23 23:27:50 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.23 23:27:50 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.23 14:29:10 | 000,806,930 | ---- | M] () -- C:\Users\***\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf [2012.03.23 12:14:10 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.23 01:22:32 | 002,328,170 | ---- | M] () -- C:\Users\***\Desktop\strassenauszucker5.pdf [2012.03.23 00:34:37 | 003,033,723 | ---- | M] () -- C:\Users\***\Desktop\strassenauszucker6.pdf [2012.03.22 15:38:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.03.22 15:38:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.03.22 15:38:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.03.22 15:38:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.03.22 15:19:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012.03.20 16:24:22 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.20 16:20:07 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.03.20 15:39:34 | 001,058,257 | ---- | M] () -- C:\Users\***\Desktop\Sinnkonstitution_und_Geltungsrechtfertigung._Wibke_Petras.[1].pdf [2012.03.17 20:13:56 | 000,059,469 | ---- | M] () -- C:\Users\***\Desktop\JP-DvL-12-presstext-de.pdf [2012.03.16 21:40:42 | 036,630,016 | ---- | M] () -- C:\Users\***\Desktop\Waldenfels - Sinne und Künste im Wechselspiel.mp3 [2012.03.16 21:11:50 | 000,001,806 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk [2012.03.15 09:51:30 | 004,996,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.14 04:55:58 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.03.05 18:30:55 | 000,000,034 | ---- | M] () -- C:\Windows\DTLite.INI ========== Files Created - No Company Name ========== [2012.03.24 12:44:30 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$kument.rtf [2012.03.24 12:43:59 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$kument.odt [2012.03.24 11:48:47 | 000,003,140 | ---- | C] () -- C:\Users\***\Desktop\Dokument.odt [2012.03.24 11:48:42 | 000,001,660 | ---- | C] () -- C:\Users\***\Desktop\Dokument.rtf [2012.03.24 04:17:53 | 000,001,808 | ---- | C] () -- C:\Users\***\Desktop\Liessmann, Phil. der modernen Kunst WS10 - Verknüpfung.lnk [2012.03.24 04:14:46 | 085,929,481 | ---- | C] () -- C:\Users\***\Desktop\Antiakademisches Philosophieren 2.mp3 [2012.03.24 04:14:26 | 084,419,812 | ---- | C] () -- C:\Users\***\Desktop\Antiakademisches Philosophieren 1.mp3 [2012.03.24 04:11:55 | 056,807,783 | ---- | C] () -- C:\Users\***\Desktop\Der Zwang.mp3 [2012.03.24 04:09:57 | 054,775,479 | ---- | C] () -- C:\Users\***\Desktop\Deleuze. Eine Philosophie der Begriffe 2.mp3 [2012.03.24 04:09:10 | 053,688,785 | ---- | C] () -- C:\Users\***\Desktop\Deleuze. Eine Philosophie der Begriffe 1.mp3 [2012.03.24 04:06:20 | 000,001,285 | ---- | C] () -- C:\Users\***\Desktop\Gilles Deleuze - Verknüpfung.lnk [2012.03.24 01:59:27 | 000,030,458 | ---- | C] () -- C:\Users\***\Desktop\Lieber Martin.jpg [2012.03.23 14:29:09 | 000,806,930 | ---- | C] () -- C:\Users\***\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf [2012.03.23 12:13:20 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.03.23 01:22:29 | 002,328,170 | ---- | C] () -- C:\Users\***\Desktop\strassenauszucker5.pdf [2012.03.23 00:34:35 | 003,033,723 | ---- | C] () -- C:\Users\***\Desktop\strassenauszucker6.pdf [2012.03.20 16:24:22 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.20 16:20:06 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.03.20 15:39:34 | 001,058,257 | ---- | C] () -- C:\Users\***\Desktop\Sinnkonstitution_und_Geltungsrechtfertigung._Wibke_Petras.[1].pdf [2012.03.17 20:13:56 | 000,059,469 | ---- | C] () -- C:\Users\***\Desktop\JP-DvL-12-presstext-de.pdf [2012.03.16 21:40:32 | 036,630,016 | ---- | C] () -- C:\Users\***\Desktop\Waldenfels - Sinne und Künste im Wechselspiel.mp3 [2012.03.16 21:11:50 | 000,001,806 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk [2012.03.05 18:30:55 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI [2012.02.23 21:23:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2012.02.16 00:35:20 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.02.16 00:35:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.01.17 09:17:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B9A2CC7C-E572-4C7E-9A7C-573B0FF0BEFE} [2012.01.12 23:16:57 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.04 13:14:00 | 000,038,432 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.12.04 13:13:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2011.12.04 13:12:50 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.09.28 22:18:53 | 000,000,055 | ---- | C] () -- C:\Users\***\AppData\Roaming\Win-HaBu.ini [2011.08.04 01:00:59 | 000,218,374 | ---- | C] () -- C:\Windows\hpoins39.dat.temp [2011.08.04 01:00:59 | 000,000,629 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp [2011.08.03 15:25:33 | 000,000,298 | ---- | C] () -- C:\Windows\Clony2.ini [2011.07.15 16:24:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys [2011.07.15 16:24:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys [2011.05.26 20:35:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2011.03.23 02:27:53 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini [2011.02.19 12:19:00 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.01.28 05:23:15 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\AVLibrary.dll [2011.01.08 23:44:42 | 000,000,138 | ---- | C] () -- C:\Windows\trsubreader.INI [2010.12.19 17:03:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.09.19 14:06:27 | 000,302,592 | ---- | C] () -- C:\Windows\mauninst.exe [2010.07.08 21:18:44 | 000,209,177 | ---- | C] () -- C:\Windows\hpoins39.dat [2010.06.08 12:33:30 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe [2010.06.08 12:26:36 | 000,000,195 | ---- | C] () -- C:\Windows\IfoEdit.INI [2010.06.07 07:59:12 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2010.06.04 20:00:28 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\zipfldra.dll [2010.06.02 16:27:59 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.17 15:23:34 | 000,010,752 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.20 18:40:35 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll [2010.04.20 18:40:35 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.04.15 15:35:48 | 003,198,860 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.JPG [2010.04.15 15:35:46 | 003,088,891 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.0 [2010.04.13 15:14:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== LOP Check ========== [2011.12.23 17:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2010.04.15 12:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2010.11.30 20:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.03.22 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent [2011.07.22 11:23:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\biu software [2011.01.08 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boilsoft [2011.05.31 20:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2012.03.22 15:40:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.02.23 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2011.02.16 02:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL [2010.12.20 14:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileMaker [2011.09.24 03:30:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC [2011.04.08 19:16:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2010.06.08 10:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImTOO [2011.03.25 04:02:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iSilo [2010.07.28 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.12.23 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOVAVI [2011.09.23 13:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2011.04.13 19:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2011.08.14 15:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex [2011.10.03 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pogo [2011.08.03 15:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2011.01.26 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2011.08.05 23:06:13 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10 [2011.08.13 15:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2011.10.03 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2010.04.13 15:14:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs [2012.03.22 15:06:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.03.2012 12:54:37 - Run 6
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,81% Memory free
7,99 Gb Paging File | 5,73 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 10,84 Gb Free Space | 3,81% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 0,52 Gb Free Space | 0,06% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Proxy1984\Proxy1984.exe" = C:\Program Files (x86)\Proxy1984\Proxy1984.exe:*:Enabled:Inkognito -- (SRWare)
"C:\Program Files (x86)\Proxy1984\Proxy1984.exe" = C:\Program Files (x86)\Proxy1984\Proxy1984.exe:*:Enabled:Inkognito -- (SRWare)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3A634415-DE75-4433-B9AB-5171A2BAFF37}" = Classic Shell
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{79A72AAD-7ED4-49D8-872D-D1465061F9DB}" = HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{601F2C04-4E0A-464F-B9FE-4FD140098E21}" = PS_AIO_06_B109n-z_SW_Min
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97821186-7938-4FC5-9171-8B508D6DE35A}" = LG Mouse Scanner
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B132E67C-EEA5-492B-B368-543CD88D8569}" = AnyDVD Registration
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B66222B3-1D51-412C-80B7-E335C2C78EA3}" = calibre
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F428DC33-C0E4-40A8-BFC3-B59957F86FE0}" = B109n-z
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"D - metallbaupraxis 2010.2 (September)_is1" = D - metallbaupraxis 2010.2 (September)
"Digitale Bibliothek 5" = Digitale Bibliothek 5
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Monopoly Deluxe" = Monopoly Deluxe
"Morphine" = Morphine
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"ReNamer_is1" = ReNamer
"Soulseek2" = SoulSeek 157 NS 13e
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Ich danke dir vielmals für deine Hilfe!!! Wie kann ich mich erkenntlich zeigen? Worüber finanziert ihr euch eigentlich? Spenden??? Ich habe großen Respekt vor eurer Arbeit! DANKE |
|
25.03.2012, 06:25
| #22 | |||
| /// Helfer-Team | Windows Security Center - Achtung! Ihr Computer wurde gesperrt!Zitat:
Zitat:
Posting #19 bitte vollständig abarbeiten! Bemerkung zu Punkt 5.: NUR den rot gefärbten Text/Schrift bitte in das OTL-Textfeld reinkopieren Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.faz.net/
IE - HKCU\..\SearchScopes,DefaultScope = {F8D81E60-73A0-4D9D-A665-238254E226E4}
IE - HKCU\..\SearchScopes\{F8D81E60-73A0-4D9D-A665-238254E226E4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_deDE392
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O20 - AppInit_DLLs: (zipfldra.dll) - C:\Windows\SysWow64\zipfldra.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.27 04:38:16 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
:Files
C:\Windows\SysWow64\zipfldra.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (25.03.2012 um 06:40 Uhr) |
|
28.03.2012, 20:49
| #23 |
| | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! zu Post 19) 1) Ja, aus sicherer Quelle installiert 2) und 3) gelöscht 4) Ich frage nochmal und bitte um Antwort: "Achtung wichtig!: Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht! (Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)" ---Was bedeutet das genau? Welchen Logfiles sind genau gemeint? Änderungen habe ich beim ersten Posting vorgenommen, in beiden Logfiles meinen Namen ersetzt. Danach habe ich ja noch mehrere Logfiles erstellt, bei denen habe ich dann nichts mehr geändert wenn ich sie gepostet habe, auch nicht den Namen. Bei letzten Fix habe ich genau den Text kopiert, der im gelben Kasten stand! Ich warte jetzt erstmal bevor ich den nächsten Fix mache, den du im letzten Post geschickt hast!! DANKE!!! |
|
29.03.2012, 08:10
| #24 |
| /// Helfer-Team | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! in der Logdateien, die Du mir gepostet hast: wenn Du dein Name oder sonst was geändert hast (durch "X" oder "*" ersetzt hast, weil ich ja kann es nicht wissen, wie der Originaltext aussieht), musst Du in von mir erstellte Skript dementsprechend andärn, bevor Du das OTL-Fixes startest wenn nichts geändert hast, dann belasse es sowie ist...
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
29.03.2012, 17:53
| #25 |
| | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! Das kam beim Fix raus: Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F8D81E60-73A0-4D9D-A665-238254E226E4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8D81E60-73A0-4D9D-A665-238254E226E4}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zipfldra.dll deleted successfully.
C:\Windows\SysWOW64\zipfldra.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File E:\autorun.inf not found.
========== FILES ==========
File\Folder C:\Windows\SysWow64\zipfldra.dll not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 132544294 bytes
->Temporary Internet Files folder emptied: 304261833 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2869 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505011 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 167650 bytes
Total Files Cleaned = 417,00 mb
OTL by OldTimer - Version 3.2.36.3 log created on 03292012_184135
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
 |
|
30.03.2012, 13:46
| #26 |
| /// Helfer-Team | Windows Security Center - Achtung! Ihr Computer wurde gesperrt! wie lang hast Du schon installiert?: Proxy1984.exe- (SRWare) 1. Vor dem nächsten Schritt, also bevor wir weitermachen: Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw) ►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks Mache das jetzt bitte! 2. Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment). Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint. Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread. Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop. Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen. Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
.
DU HAST ALLE PROBLEME GELÖST!!! Ich bin dir so dankbar!
Linear-Darstellung
