Log analysis and evaluation: Windows Security Center computer lockout (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Windows Security Center computer lockout

Hello, and please forgive me if I post something wrong here!! I am here for the first time and have to admit that I am rather a noob in this matter! All of a sudden I no longer have access to my computer because it has been locked by the (so-called) Windows Security Center. I now have my two log files from OTL

OTL logfile created on: 30.03.2012 05:16:15 - Run 3
OTL by OldTimer - Version Folder = C:\Users\Arestor\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 6,93 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 66,67 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 139,61 Gb Free Space | 29,98% Space Free | Partition Type: NTFS

Computer Name: ARESTOR-PC | User Name: Arestor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arestor\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Live_Access) -- C:\Program Files (x86)\InkBook\LiveAccessService.exe (CMJ Designs Inc.) SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (DroidCam) -- C:\Windows\SysNative\drivers\droidcam.sys (Dev47Apps) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (bbcap) -- C:\Windows\SysNative\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LVUVC64) Logitech Webcam C160(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools) DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools) DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation) DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102869&gct=hp IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 B3 55 1D 88 9D CC 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{043467EC-9857-4EDD-87ED-CDD8D2CF814A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=8bc96305-b6ac-4799-8198-88558f971116&apn_sauid=416E6D00-443F-44B6-83C8-6CBDE9A73935 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version= C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Arestor\AppData\Roaming\Mozilla\Firefox\Profiles\4zzda792.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll () FF - 
HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Arestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012.01.28 02:56:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.27 18:51:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.13 16:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.12 13:58:48 | 000,000,000 | ---D | M] [2011.11.07 22:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arestor\AppData\Roaming\mozilla\Extensions [2012.03.30 02:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions [2011.11.08 14:11:59 | 000,000,000 | ---D | M] () -- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012.02.19 13:04:38 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012.01.14 12:32:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 02:24:34 | 000,000,000 | ---D | M] (DownloadHelper) 
-- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.13 21:50:19 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2011.11.08 04:40:02 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Arestor\AppData\Roaming\mozilla\Firefox\Profiles\4zzda792.default\extensions\DeviceDetection@logitech.com [2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Arestor\AppData\Roaming\Mozilla\Firefox\Profiles\4zzda792.default\searchplugins\askcom.xml [2012.01.11 17:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.24 01:13:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.12.24 01:13:37 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru () (No name found) -- C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI () (No name found) -- C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\ANKPIXIV@SNCA.NET.XPI () (No name found) -- C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\KILLJASMIN@PIERROS14.COM.XPI () (No name found) -- 
C:\USERS\ARESTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZZDA792.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI [2012.03.27 18:51:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.24 02:07:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.24 02:07:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.24 02:07:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.24 02:07:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.24 02:07:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.24 02:07:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.) 
O4 - HKCU..\Run: [{EE7A5BBC-5616-2F4E-9AC1-8F7AAEFD7A32}] C:\Users\Arestor\AppData\Roaming\Ihihf\koavoz.exe () O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [Microsoft® Windows® Operating System] C:\Users\Arestor\AppData\Local\Temp\System\nvxdsinc.exe (NVIDIA Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [vasja] C:\Users\Arestor\AppData\Local\Temp\mor.exe (fbnF) O4 - HKCU..\Run: [Windows Defender] C:\Users\Arestor\AppData\Roaming\DinDir.exe (Microsoft Corporation) F3:64bit: - HKCU WinNT: Load - (C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe) - C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe () F3 - HKCU WinNT: Load - (C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe) - C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\Microsoft Office\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\Microsoft Office\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C3A408C-0A48-4940-98E7-5DF197B9D8E4}: DhcpNameServer = O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No 
CLSID value found O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\sbhook.dll) - C:\ProgramData\AVP11\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.30 02:28:12 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\Martin Fuchs [2012.03.30 02:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Manager [2012.03.30 02:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Martin Fuchs [2012.03.29 14:16:02 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{667B7689-B55C-4D7F-BF97-FDCEB18FCAEF} [2012.03.17 03:55:38 | 000,503,352 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2012.03.16 16:03:00 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{9F419DEA-5216-4732-BBF7-0CF89AECAEF2} [2012.03.16 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{3C96202B-20C2-4576-8D65-B961F4B85811} [2012.03.15 17:34:28 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Roaming\kodak [2012.03.15 17:34:19 | 000,000,000 | ---D | C] -- C:\Users\Arestor\Local Settings [2012.03.15 02:16:21 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{13070407-9AC6-4CE5-85AC-65501B4230DF} [2012.03.15 02:16:00 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{98558143-4751-4B1A-B88D-42BFCAF6FA9F} [2012.03.13 23:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.03.13 23:50:53 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.03.13 23:50:53 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvcompiler.dll [2012.03.13 23:50:53 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.03.13 23:50:53 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.03.13 23:50:53 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.03.13 23:50:53 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.03.13 23:50:53 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.03.13 23:50:53 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.03.13 23:50:53 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.03.13 23:50:53 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.03.13 23:50:53 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.03.13 23:50:53 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.03.13 23:50:53 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.03.13 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{840FEC22-BFE6-471B-8F8D-D446EA78558F} [2012.03.13 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{9F61147D-38CA-4D9E-B6D9-9E762C149C3E} [2012.03.11 05:30:50 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{CA3B90C8-2D3E-482D-8B83-8100F5B97194} [2012.03.11 05:30:34 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{04C3AD4F-DCFA-4ED9-B6B9-3B0890239F2C} [2012.03.10 11:01:43 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\Daedalic Entertainment [2012.03.10 09:57:25 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{6BE7A07C-5E46-409C-9F64-1330DE260AA8} [2012.03.10 09:57:01 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{D52B6082-8AD3-4B18-9D9B-95D41D34710D} 
[2012.03.09 19:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 3
[2012.03.09 16:11:34 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{C45C8299-5716-42C2-88ED-E42ECC82F84E}
[2012.03.09 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{E953D5DB-2222-496D-9887-710864A57245}
[2012.03.05 19:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2012.03.05 19:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daedalic Entertainment
[2012.03.04 04:45:20 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Roaming\Ihihf
[2012.03.04 04:45:20 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Roaming\Eqkecu
[2012.03.04 04:34:41 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{EF035D3B-62E2-4B1A-B986-2D136421DAA9}
[2012.03.04 04:34:22 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{090107F2-5BE2-473C-BB4F-7F4992CA4D88}
[2012.03.03 06:24:38 | 000,000,000 | ---D | C] -- C:\Users\Arestor\Documents\LucasArts
[2012.03.03 06:24:38 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\LucasArts
[2012.03.03 00:55:40 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{DA606097-1657-415E-BD8B-3781B4AFC56F}
[2012.03.03 00:55:18 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{DEA85AC5-B7BB-4E9A-BC8D-B18B5CDACB51}
[2012.03.02 07:15:16 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\Risen2
[2012.03.02 01:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012.03.02 01:15:42 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012.03.01 23:00:08 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{AA7CA376-617C-47AF-A288-981EF7DFDC41}
[2012.03.01 22:59:54 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{1C5BAC8C-26EE-4B5D-8CF2-7969A2AA2F16}
[2012.02.29 13:17:33 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{DFC81EC7-A9F3-4605-B867-03F9B2CDC776}
[2012.02.29 13:17:18 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Local\{8F5CF690-3680-457B-A56D-4D7DAC10DC25}
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Arestor\AppData\Roaming\*.tmp files -> C:\Users\Arestor\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.30 04:45:23 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 04:45:23 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 04:45:23 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 04:45:23 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 04:45:23 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 04:45:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Arestor\Desktop\OTL.exe
[2012.03.30 04:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 04:40:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 04:37:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.03.30 04:34:22 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2012.03.30 04:34:03 | 002,075,697 | -H-- | M] () -- C:\Users\Arestor\AppData\Roaming\Arestorv1.21.1Cyberlog.dat
[2012.03.29 22:05:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.29 22:01:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.03.27 18:55:52 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 18:55:52 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 03:55:38 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.03.13 23:54:33 | 001,618,892 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.03.11 06:15:03 | 000,001,117 | ---- | M] () -- C:\Users\Arestor\.swfinfo
[2012.03.05 19:26:15 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Deponia.lnk
[2012.03.02 14:05:42 | 000,014,336 | ---- | M] () -- C:\Users\Arestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.02 01:31:29 | 000,281,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.02 01:31:29 | 000,281,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.02 01:15:42 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
[2012.03.02 01:05:55 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.02 01:05:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.01 02:02:00 | 025,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.03.01 02:02:00 | 025,222,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.03.01 02:02:00 | 019,444,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.03.01 02:02:00 | 017,642,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.03.01 02:02:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.03.01 02:02:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.03.01 02:02:00 | 009,717,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.03.01 02:02:00 | 008,008,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.03.01 02:02:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.03.01 02:02:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.03.01 02:02:00 | 002,872,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.03.01 02:02:00 | 002,672,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.03.01 02:02:00 | 002,660,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.03.01 02:02:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.03.01 02:02:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.03.01 02:02:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.03.01 02:02:00 | 001,737,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.03.01 02:02:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.03.01 02:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.01 02:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.01 02:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 23:00:22 | 003,089,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.02.29 23:00:09 | 006,074,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.02.29 22:59:47 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.02.29 22:59:47 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.02.29 22:59:47 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.02.29 14:26:56 | 000,416,064 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Arestor\AppData\Roaming\*.tmp files -> C:\Users\Arestor\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.05 19:26:15 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Deponia.lnk
[2012.03.02 01:15:42 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
[2012.03.02 01:05:46 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.29 05:00:25 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.29 05:00:25 | 000,000,088 | RHS- | C] () -- C:\ProgramData\85BBF90994.sys
[2012.01.29 04:47:08 | 000,017,408 | ---- | C] () -- C:\Users\Arestor\AppData\Local\WebpageIcons.db
[2012.01.28 02:56:11 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.01.27 15:07:07 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.01.27 15:07:07 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.01.27 15:07:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.01.27 15:07:07 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.01.27 14:39:57 | 000,000,226 | ---- | C] () -- C:\Windows\wininit.ini
[2012.01.27 14:30:08 | 000,560,128 | ---- | C] () -- C:\Users\Arestor\AppData\Roaming\WV7NB0VQ88H75install.exe
[2012.01.27 12:31:46 | 000,000,034 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.01.27 10:16:52 | 000,003,258 | ---- | C] () -- C:\Users\Arestor\AppData\Roaming\default
[2012.01.24 13:42:15 | 000,154,283 | -H-- | C] () -- C:\Users\Arestor\AppData\Roaming\Arestorv1.21.1.dll
[2011.12.16 19:26:27 | 073,049,125 | ---- | C] () -- C:\Users\Arestor\AppData\Roaming\unl-1lim.exe
[2011.12.13 04:21:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.12.09 15:56:38 | 000,000,095 | ---- | C] () -- C:\Users\Arestor\AppData\Local\fusioncache.dat
[2011.12.09 15:55:47 | 001,619,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.29 14:28:37 | 000,014,336 | ---- | C] () -- C:\Users\Arestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 18:02:28 | 000,227,000 | ---- | C] () -- C:\Users\Arestor\AppData\Roaming\subseven-remotetool.rar
[2011.11.16 21:08:43 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2011.11.15 18:54:39 | 000,281,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 18:54:38 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.11.15 18:54:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.09 12:24:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.09 04:18:58 | 001,601,487 | ---- | C] () -- C:\Windows\DarkSteam Uninstaller.exe.bak
[2011.11.09 03:55:08 | 000,000,000 | ---- | C] () -- C:\Users\Arestor\AppData\Roaming\chrtmp
[2011.11.08 09:22:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.11.08 00:25:18 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== LOP Check ==========

[2011.12.15 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\.minecraft
[2011.12.03 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\BHV
[2011.11.30 00:57:39 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Blueberry
[2011.12.09 01:19:50 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\calibre
[2012.01.27 04:58:12 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\DAEMON Tools Pro
[2012.01.29 05:35:48 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\DarkWave Studio
[2011.11.08 10:16:22 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Day 1 Studios
[2012.01.14 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\DVDVideoSoft
[2012.01.14 12:32:41 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.04 04:46:03 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Eqkecu
[2011.12.09 00:00:55 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\gamigoGr
[2011.12.08 23:45:04 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\GetRightToGo
[2012.01.12 13:43:22 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\HamsterSoft
[2011.11.24 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Ideazon
[2012.03.04 04:45:20 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Ihihf
[2011.12.08 23:47:57 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\launcher
[2011.11.08 04:49:21 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Leadertech
[2011.11.30 00:53:09 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\LogSys
[2011.12.15 18:36:07 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\MAGIX
[2012.01.27 05:37:42 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\ManyCam
[2011.12.08 23:47:57 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Martial Empires Launcher
[2011.12.08 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\MobMapUpdater
[2011.11.07 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Origin
[2011.11.20 10:36:33 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\PunkBuster
[2011.12.10 00:07:52 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\runic games
[2011.11.30 07:23:42 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Samsung
[2012.01.27 15:07:06 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Simply Super Software
[2011.11.11 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Smith Micro
[2011.11.29 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Solveig Multimedia
[2011.12.13 16:33:25 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Spider Player
[2011.12.01 06:44:25 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Temp
[2012.01.12 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Thunderbird
[2011.12.13 02:03:52 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Trine2
[2012.01.27 09:58:09 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\TuneUp Software
[2011.11.29 23:31:42 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Tunngle
[2011.11.24 18:07:55 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Ubisoft
[2012.01.09 00:53:21 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Ulead Systems
[2012.03.30 04:47:10 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\WinDir
[2012.01.30 00:40:03 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\Windows SideBar
[2011.12.11 19:00:26 | 000,000,000 | ---D | M] -- C:\Users\Arestor\AppData\Roaming\WindSolutions
[2009.07.14 07:08:49 | 000,007,182 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:054B9966
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

OTL Extras logfile created on: 30.03.2012 05:16:15 - Run 3
OTL by OldTimer - Version Folder = C:\Users\Arestor\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 6,93 Gb Available in Paging File | 86,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 66,67 Gb Free Space | 14,31% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 139,61 Gb Free Space | 29,98% Space Free | Partition Type: NTFS

Computer Name: ARESTOR-PC | User Name: Arestor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{45BFB5F0-19B7-4564-B787-A3BAAA0E5AA1}_is1" = Uninstall Manager 5.3
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7C764157-9B18-45D3-B0EB-E0BE3D1D4876}" = C3D64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}" = Corel Painter Essentials 4
"_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4
"_{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = Corel MotionStudio 3D 1.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17DD30CE-F0AF-4E46-97EE-DEDD59BD6FA0}" = MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 1)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22D74608-54B2-4711-9A9C-F8F593FEEC00}_is1" = Kingdoms of Amalur Reckoning Version 1.0
"{25A3AFB2-BED8-477E-95C0-28ECDEE1D630}" = MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 2)
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2AE2EFF4-A14B-42AB-B364-F04DB651180F}" = Z Engine
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34560654-E7ED-4D0C-B75B-C2DD243A3860}" = Corel VideoStudio Pro Title Pack
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46ADAC53-F1D2-41B4-B57C-DF43C70904FB}" = Toon Boom Animate Pro 2
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A61ACAF-29F5-4939-88DE-E2EF0647A4E7}" = MAGIX Music Maker MX Premium Download-Version (Instrumenten-Paket 3)
"{4B7IL77L-LKS1-75B1-BF321-18CD6E6334R1}_is1" = Battlefield 3 version 1.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C19F599-20AD-4A27-8EB4-1B7121D4F603}" = MAGIX Music Maker MX Premium Download-Version (Soundpaket)
"{5E6EC4DD-7B1F-4E10-82B9-EA1B90791031}" = Nero 8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{652CD1F7-23C6-462D-963C-60F92C3BF332}" = BB FlashBack Pro
"{66084315-F659-4ED9-9050-DD23F6C2B964}" = PowerArchiver 2011
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735AA36F-9A9E-477B-BC74-9E6AF1A8A6D8}" = MAGIX Music Maker MX Premium Download-Version
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{777705B9-E6F6-44B4-BAA1-48E70ACE1740}" = C3D
"{7777A2E0-3F99-4F4A-8BF1-507C04C45CD6}" = IPM_C3D
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83D6C933-0C42-4448-8A21-625AEE5B9FCB}" = MAGIX Music Maker MX Premium Download-Version (Synthesizer und Effekte)
"{8492C20C-BE20-40E5-A65C-C797DCE17107}_is1" = Minecraft Beta 1.8.1 Version v2.4
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}" = Corel Painter Essentials 4
"{A5182E71-DC63-4DD3-AE01-8C2E8E8417DC}" = MAGIX Audio Cleaning Lab MX Download-Version
"{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA
"{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch
"{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share
"{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BBEB33B4-4F84-460E-9441-A18104F01C68}" = C3DHelp
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO
"{C500336C-6EEA-49BF-8614-CCFF12E5628F}" = Setup
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 6.0.475.1
"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents
"{CC9512A6-8BF7-4FD5-BCCF-05F6FCD19961}" = ICA
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM
"{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7AD6FEA-33F6-4BA2-A9FC-9A4F46406A8A}" = InkBook
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Alan Wake_is1" = Alan Wake
"ASP700_is1" = Anime Studio Pro 7.0
"BB FlashBack Pro" = BB FlashBack Pro
"Browser Defender_is1" = Browser Defender 3.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Pro" = DAEMON Tools Pro
"Deponia" = Deponia
"Diablo III Beta" = Diablo III Beta
"EAX Unified" = EAX Unified
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FormatFactory" = FormatFactory 2.70
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version
"HyperCam 3" = HyperCam 3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX Download-Version
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PatchBeam" = PatchBeam "PowerArchiver 2011 12.10.05" = PowerArchiver 2011 "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "Spyware Doctor" = Spyware Doctor 8.0 "Star Wars The Force Unleashed_is1" = Star Wars The Force Unleashed(CREATED BY XEONKING©) "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "Star Wars: The Force Unleashed II DLC Unlocker_is1" = Star Wars: The Force Unleashed II DLC "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 440" = Team Fortress 2 "Steam App 9900" = Star Trek Online "Syndicate Deutsch Patch" = Syndicate Deutsch Patch "The KMPlayer" = The KMPlayer (remove only) "Trojan Remover_is1" = Trojan Remover 6.8.2 "Tunngle beta_is1" = Tunngle beta "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Seven Themes 100" = Windows Seven Themes 100 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "Yahoo! Messenger" = Yahoo! 
Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BandzPro" = BandzPro "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich "FoxTab FLV Player" = FoxTab FLV Player "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ System Events ] Error - 29.03.2012 22:40:58 | Computer Name = Arestor-PC | Source = DCOM | ID = 10005 Description = Error - 29.03.2012 22:41:38 | Computer Name = Arestor-PC | Source = DCOM | ID = 10005 Description = Error - 29.03.2012 22:43:07 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:43:11 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:43:11 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:43:11 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:43:11 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:43:11 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom 
Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:43:11 | Computer Name = Arestor-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.03.2012 22:44:44 | Computer Name = Arestor-PC | Source = DCOM | ID = 10005 Description = < End of report > sorry wenn ich was falsch gemacht habe |
#2 |
/// Malware-holic | Windows Security Center computer lockout

hi
This script and any scripts that may follow are only for the respective user. If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe) - C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe) - C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe ()
O4 - HKCU..\Run: [Windows Defender] C:\Users\Arestor\AppData\Roaming\DinDir.exe (Microsoft Corporation)
O4 - HKCU..\Run: [vasja] C:\Users\Arestor\AppData\Local\Temp\mor.exe (fbnF)
O4 - HKCU..\Run: [{EE7A5BBC-5616-2F4E-9AC1-8F7AAEFD7A32}] C:\Users\Arestor\AppData\Roaming\Ihihf\koavoz.exe ()
[2012.03.04 04:45:20 | 000,000,000 | ---D | C] -- C:\Users\Arestor\AppData\Roaming\Eqkecu
:Files
C:\Users\Arestor\Local Settings\Temp\msewrlasf.exe
C:\Users\Arestor\AppData\Roaming\DinDir.exe
C:\Users\Arestor\AppData\Local\Temp\mor.exe
C:\Users\Arestor\AppData\Roaming\Ihihf
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Please close all programs now.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents here into your next reply.

Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the ![]()