|
Plagegeister aller Art und deren Bekämpfung: Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.04.2012, 02:08 | #1 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Zunächst erstmal: Ich habe nicht sonderlich viele Kentnisse von Windows. Ich beherrsche zwar schon einiges mehr als die Grundlagen, aber mit solchen Dingen wie Logfiles habe ich mich noch nie beschäftigt, es wäre also nett, wenn ihr mir alles relativ genau erklären könntet. Nun zu meinem Problem: Seit vorhin öffnen sich, sobald mein Notebook gebootet hat, so ca. 10-15 Prozesse des Internet Explorers (iexplorer.exe). Ich selbst benutze nur Opera und niemals den IE, alles passiert also automatisch. Wenn ich dann die Prozesse ganz normal im Task-Manager beenden möchte, passiert garnichts, die Prozesse bleiben einfach offen. Mein Virenscanner (McAfee) zeigt auch an, dass er einen Trojaner beseitigt hat, nach dem Neustart des PCs tritt das Problem wieder auf und McAfee kommt mit derselben Meldung. Ich muss noch dazu sagen, dass ich vor kurzem das BKA-Virus auf dem Rechner hatte, vielleicht kommt es ja daher. Es wäre schön, wenn ihr eine Lösung für dieses Problem hättet, da es mir erstens die Rechenleistung stiehlt und zweitens ziemlich an meinem Internet nagt. P.S.: Seit nachsichtig mit mir, wenn ihr mir die Lösung schildert, ich bin eben nicht so bewandert in diesem Gebiet. |
07.04.2012, 12:54 | #2 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi,
__________________OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. chris
__________________ |
07.04.2012, 13:28 | #3 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Ich hab das Problem schon mehr oder weniger gelöst. McAfee hat mir angezeigt, dass es sich um einen Artemis-Trojaner handelt. Ich hab dan einfach zwei .exe-Dateien aus C:\ProgramData gelöscht. Jetzt tritt das Problem nicht mehr auf.
__________________Muss ich jetzt noch weitere Maßnahmen gegen den Trojaner unternehmen, um mein PC vollständig sauber zu bekommen? |
07.04.2012, 22:04 | #4 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi, erstelle und poste das OTL-Log... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
07.04.2012, 22:57 | #5 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hier die Logfiles:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.04.2012 23:47:19 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konrad\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,68 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 74,83% Memory free 15,36 Gb Paging File | 13,19 Gb Available in Paging File | 85,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 42,18 Gb Free Space | 9,34% Space Free | Partition Type: NTFS Computer Name: KONRADBEUTNER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Konrad\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Users\Konrad\AppData\Roaming\Nekuru\pokiky.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e940e77e2e8cfd51f723acc172afeeef\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Users\Konrad\AppData\Roaming\Nekuru\pokiky.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\PROGRA~2\MICROS~3\Office14\1033\GrooveIntlResource.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite (Testversion) 2012\WNt500x64\Sandra.sys File not found DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{DA134B43-34E6-4EF3-B31C-28F876E6E061}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.08 14:49:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.01 20:12:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.29 00:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\mozilla\Extensions [2012.04.05 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions [2012.03.29 00:15:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.04.03 03:22:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 00:16:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.22 20:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.05 21:29:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2012.04.05 21:29:53 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF () (No name found) -- C:\USERS\KONRAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FPZP62MJ.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: SiteAdvisor = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110616184056.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111030174251.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.2\iobitToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [{64DD221D-7864-6C07-BD8F-E75A20002E18}] C:\Users\Konrad\AppData\Roaming\Nekuru\pokiky.exe () O4 - HKCU..\Run: [PC Health Status] C:\Users\Konrad\AppData\Roaming\kknrppji.exe File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E70310C-8B59-461E-AE70-50E29EC01F2A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{58ce6ce0-7996-11e1-b11f-1c7508cd9bb6}\Shell - "" = AutoRun O33 - MountPoints2\{58ce6ce0-7996-11e1-b11f-1c7508cd9bb6}\Shell\AutoRun\command - "" = E:\CMADownloader.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.07 23:46:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Konrad\Desktop\OTL.exe [2012.04.07 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Wui [2012.04.07 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Nekuru [2012.04.07 14:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.04.07 01:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.04.06 21:19:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Konrad\AppData\Roaming\6F80F85A.exe [2012.04.05 21:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.04.05 21:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar [2012.04.05 21:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.04.03 03:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2012.03.29 23:19:08 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Sony Corporation [2012.03.29 23:19:07 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\PS Vita [2012.03.29 23:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.03.27 23:23:27 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\LEGO Creations [2012.03.27 23:23:27 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\LEGO Company [2012.03.27 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [2012.03.27 23:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company [2012.03.18 14:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.03.18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.14 17:51:25 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.03.14 17:51:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.14 17:51:24 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.14 15:24:20 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.14 15:22:55 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.14 15:22:54 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.14 15:22:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.14 15:22:50 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.14 15:22:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.07 23:46:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Konrad\Desktop\OTL.exe [2012.04.07 23:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.07 18:40:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.07 14:19:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.07 14:19:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.07 14:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.07 14:12:07 | 1888,518,143 | -HS- | M] () -- C:\hiberfil.sys [2012.04.07 02:23:15 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.07 02:23:15 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.07 02:23:15 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.07 02:23:15 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.07 02:23:15 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.07 01:04:53 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.06 21:53:34 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Konrad\AppData\Roaming\6F80F85A.exe [2012.04.06 21:19:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\f27jLU.dat [2012.04.06 14:36:24 | 000,001,243 | ---- | M] () -- C:\Users\Konrad\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.02 23:58:26 | 000,001,152 | ---- | M] () -- C:\Users\Konrad\Desktop\Torchlight Spielen!.lnk [2012.04.01 00:25:36 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.03.31 22:14:09 | 000,139,264 | ---- | M] () -- C:\Users\Konrad\AppData\Roaming\ch8l0.exe [2012.03.29 23:18:55 | 000,002,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk [2012.03.18 14:01:17 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.16 20:08:29 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.03.16 20:08:29 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.03.14 20:32:28 | 000,487,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.14 00:44:52 | 001,592,786 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.11 12:49:37 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Users\Konrad\AppData\Local\sYI52T517.exe [2012.04.07 01:04:53 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.06 21:19:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\f27jLU.dat [2012.04.02 23:58:26 | 000,001,152 | ---- | C] () -- C:\Users\Konrad\Desktop\Torchlight Spielen!.lnk [2012.04.01 00:25:36 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.04.01 00:25:36 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.03.31 22:14:10 | 000,139,264 | ---- | C] () -- C:\Users\Konrad\AppData\Roaming\ch8l0.exe [2012.03.29 23:18:55 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk [2012.03.29 23:18:55 | 000,002,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inhaltsmanager-Assistent für PlayStation(R).lnk [2012.03.18 14:01:17 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.05 12:44:05 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.10.21 19:24:58 | 000,198,509 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe [2011.10.18 17:28:37 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 21:18:46 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.09.12 21:18:46 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.05 13:52:10 | 000,004,352 | ---- | C] () -- C:\Windows\SysWow64\drivers\TF0801.sys [2011.07.26 14:52:21 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.07.04 18:36:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.06.27 15:28:21 | 000,065,586 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp [2011.06.02 00:55:55 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.06.02 00:55:54 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.29 21:04:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.05.28 22:28:00 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.16 21:56:12 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.03.16 21:56:12 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe [2011.03.16 21:56:12 | 000,000,321 | ---- | C] () -- C:\Windows\PidList_C.ini [2010.11.17 15:30:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.11.17 14:56:27 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.11.17 14:55:51 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2010.11.17 14:48:15 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.11.17 14:48:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.11.17 14:48:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.11.17 14:48:14 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.11.17 14:48:11 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.04.2012 23:47:19 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konrad\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,68 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 74,83% Memory free 15,36 Gb Paging File | 13,19 Gb Available in Paging File | 85,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 42,18 Gb Free Space | 9,34% Space Free | Partition Type: NTFS Computer Name: KONRADBEUTNER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8 "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FC1593-0BA0-4334-8786-E634FC011B69}_is1" = Underhell version 1.5 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C38C251-DE7B-40DC-9D26-C54044348DE5}" = BBI USB WIRELESS CONTROLLER "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{46F45BBF-0516-495E-8230-0C301FA54D2B}" = Goin Downtown "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight "{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™ "{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™ "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F33360D-E0FA-4691-8D67-76CD5061D621}_is1" = Mercedes CLC Dream Test Drive "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{75E5C9C3-FE78-4A97-AFB1-D96FEE8F6FF8}" = JoypadConnect "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C37FCE0-C8BE-4EAC-82C1-809F1E6A0E8E}" = MAGIX Speed burnR (MSI) "{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones "{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-12-25) version 20111225.0 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DF163C0-7019-4d01-ADCF-0E1D386C7141}" = IObit Toolbar v5.2 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Inhaltsmanager-Assistent für PlayStation(R) "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.199.107 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Civitas3" = Grand Ages Rome 1.11 "CSINYUbisoft" = CSI NY "FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009 "Fraps" = Fraps (remove only) "Free Studio_is1" = Free Studio version 5.1.6 "Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "GamersFirst LIVE!" = GamersFirst LIVE! "GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™ "Identity Card" = Identity Card "ImgBurn" = ImgBurn "Incadia" = Incadia "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "Jack Keane" = Jack Keane "Kino Mogul" = Kino Mogul "LManager" = Launch Manager "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "MSC" = McAfee SecurityCenter "MTA:SA" = MTA:SA v1.0.5 "Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OnlineControl_is1" = OnlineControl 1.1 "OpenAL" = OpenAL "Opera 11.62.1347" = Opera 11.62 "Origin" = Origin "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "RACE_is1" = RACE "Rockstar Games Social Club" = Rockstar Games Social Club "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "Sam and Max - Season One" = Sam and Max - Season One 1.0 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 105400" = Fable III "Steam App 105600" = Terraria "Steam App 11020" = TrackMania Nations Forever "Steam App 110800" = L.A. Noire: The Complete Edition "Steam App 12120" = Grand Theft Auto: San Andreas "Steam App 12200" = Bully: Scholarship Edition "Steam App 13520" = Far Cry "Steam App 13540" = Tom Clancy's Rainbow Six: Vegas "Steam App 1500" = Darwinia "Steam App 1510" = Uplink "Steam App 1520" = DEFCON "Steam App 1530" = Multiwinia "Steam App 18700" = And Yet It Moves "Steam App 19900" = Far Cry 2 "Steam App 200900" = Cave Story+ "Steam App 202480" = Creation Kit "Steam App 204120" = LEGO Harry Potter: Years 5-7 "Steam App 20500" = Red Faction: Guerrilla "Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky "Steam App 215" = Source SDK Base 2006 "Steam App 220" = Half-Life 2 "Steam App 22380" = Fallout: New Vegas "Steam App 22480" = GECK - New Vegas Edition "Steam App 240" = Counter-Strike: Source "Steam App 24420" = Aquaria "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 24980" = Mass Effect 2 "Steam App 260" = Counter-Strike: Source Beta "Steam App 26500" = Cogs "Steam App 26900" = Crayon Physics Deluxe "Steam App 28000" = Kane & Lynch 2: Dog Days "Steam App 28050" = Deus Ex: Human Revolution "Steam App 32380" = Star Wars Jedi Knight: Dark Forces II "Steam App 32390" = Star Wars - Jedi Knight: Mysteries of the Sith "Steam App 32400" = Star Wars: Dark Forces "Steam App 33230" = Assassin's Creed II "Steam App 340" = Half-Life 2: Lost Coast "Steam App 35140" = Batman: Arkham Asylum GOTY Edition "Steam App 35700" = Trine "Steam App 3590" = Plants vs. Zombies: Game of the Year "Steam App 400" = Portal "Steam App 4000" = Garry's Mod "Steam App 40700" = Machinarium "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 40990" = Mafia "Steam App 41100" = Hammerfight "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat "Steam App 41800" = Gratuitous Space Battles "Steam App 42670" = Singularity "Steam App 42910" = Magicka "Steam App 43000" = Front Mission Evolved "Steam App 48720" = Mount & Blade: With Fire and Sword "Steam App 50130" = Mafia II "Steam App 55230" = Saints Row: The Third "Steam App 57900" = Duke Nukem Forever "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy "Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast "Steam App 6060" = Star Wars - Battlefront II "Steam App 6120" = Shank "Steam App 620" = Portal 2 "Steam App 62000" = Flight Control HD "Steam App 63710" = BIT.TRIP RUNNER "Steam App 6850" = Hitman 2: Silent Assassin "Steam App 6860" = Hitman: Blood Money "Steam App 6880" = Just Cause "Steam App 6900" = Hitman: Codename 47 "Steam App 70300" = VVVVVV "Steam App 71340" = Sonic Generations "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 7940" = Call of Duty 4: Modern Warfare "Steam App 8190" = Just Cause 2 "Steam App 8980" = Borderlands "Steam App 92000" = Hydrophobia: Prophecy "Steam App 94200" = Jamestown "Steam App 98800" = Dungeons of Dredmor "Steam App 99700" = NightSky "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.04.2012 20:36:57 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 9000 Description = Error - 06.04.2012 20:36:57 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 7040 Description = Error - 06.04.2012 20:36:57 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 7042 Description = Error - 06.04.2012 20:36:57 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 9002 Description = Error - 06.04.2012 20:36:57 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 3029 Description = Error - 06.04.2012 20:37:03 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 3029 Description = Error - 06.04.2012 20:37:03 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 3028 Description = Error - 06.04.2012 20:37:03 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 3058 Description = Error - 06.04.2012 20:37:03 | Computer Name = KonradBeutner | Source = Windows Search Service | ID = 7010 Description = Error - 07.04.2012 13:45:01 | Computer Name = KonradBeutner | Source = MsiInstaller | ID = 1013 Description = [ System Events ] Error - 06.04.2012 18:50:35 | Computer Name = KonradBeutner | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 40. Error - 06.04.2012 18:50:35 | Computer Name = KonradBeutner | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 40. Error - 06.04.2012 18:50:35 | Computer Name = KonradBeutner | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 40. Error - 06.04.2012 18:50:35 | Computer Name = KonradBeutner | Source = Schannel | ID = 36887 Description = Es wurde eine schwerwiegende Warnung empfangen: 40. Error - 06.04.2012 19:03:17 | Computer Name = KonradBeutner | Source = DCOM | ID = 10010 Description = Error - 06.04.2012 19:20:13 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 06.04.2012 19:20:13 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 06.04.2012 19:20:43 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 06.04.2012 20:37:03 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 06.04.2012 20:37:03 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > |
08.04.2012, 22:13 | #6 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi, hmm, das gefällt mir nicht... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Users\Konrad\AppData\Roaming\Nekuru\pokiky.exe C:\Users\Konrad\AppData\Roaming\ch8l0.exe
Achtung, ich lasse von OTL beide Files entsorgen... OTL:
Code:
ATTFilter :OTL O4 - HKCU..\Run: [{64DD221D-7864-6C07-BD8F-E75A20002E18}] C:\Users\Konrad\AppData\Roaming\Nekuru\pokiky.exe () O4 - HKCU..\Run: [PC Health Status] C:\Users\Konrad\AppData\Roaming\kknrppji.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2012.04.07 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Wui [2012.03.31 22:14:09 | 000,139,264 | ---- | M] () -- C:\Users\Konrad\AppData\Roaming\ch8l0.exe @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 :Commands [purity] [emptytemp] [CREATERESTOREPOINT] [Reboot]
Cureit Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. chris
__________________ --> Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. |
08.04.2012, 22:38 | #7 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. So das wären jetzt die Ergebnisse von Virustotal: SHA256: e5be6af482ea00dd8cf477950b092df7e0fba35a1b5606661e9aa95c90844c2e SHA1: 0ddec45060a464e297b07200ebf063cafecee204 MD5: 5dfeb393aa444fab534782371edb1ae9 File size: 291.0 KB ( 297984 bytes ) File name: pokiky.exe File type: Win32 EXE Detection ratio: 6 / 42 Analysis date: 2012-04-08 21:35:46 UTC ( 1 Minute ago ) 0 0Antivirus Result Update AhnLab-V3 - 20120408 AntiVir - 20120408 Antiy-AVL - 20120408 Avast - 20120408 AVG - 20120408 BitDefender - 20120408 ByteHero - 20120407 CAT-QuickHeal (Suspicious) - DNAScan 20120408 ClamAV PUA.Packed.ASPack 20120408 Commtouch - 20120408 Comodo Packed.Win32.MNSP.Gen 20120408 DrWeb - 20120408 Emsisoft - 20120408 eSafe - 20120408 eTrust-Vet - 20120406 F-Prot - 20120408 F-Secure - 20120408 Fortinet - 20120408 GData - 20120408 Ikarus - 20120408 Jiangmin - 20120331 K7AntiVirus - 20120407 Kaspersky Trojan-Spy.Win32.Zbot.dpqm 20120408 McAfee - 20120408 McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C 20120408 Microsoft - 20120408 NOD32 - 20120408 Norman - 20120408 nProtect - 20120408 Panda - 20120408 PCTools - 20120408 Rising - 20120406 Sophos - 20120408 SUPERAntiSpyware - 20120402 Symantec Suspicious.Cloud.5 20120408 TheHacker - 20120408 TrendMicro - 20120408 TrendMicro-HouseCall - 20120408 VBA32 - 20120405 VIPRE - 20120408 ViRobot - 20120408 VirusBuster - 20120407 SHA256: 0aebefdf66afd8cfd32b9ea3cec3f93f24edd8cea4d22fee796c7f6148d7c54a SHA1: 2b923b93c5ab406136d11307d9f3d6e5a509a281 MD5: 6f5ab7aba40b7861ba2dc335b23a10bf File size: 136.0 KB ( 139264 bytes ) File name: 6f5ab7aba40b7861ba2dc335b23a10bf File type: Win32 EXE Detection ratio: 26 / 42 Analysis date: 2012-04-04 17:26:43 UTC ( 4 Tage, 4 Stunden ago ) 0 0Antivirus Result Update AhnLab-V3 - 20120404 AntiVir TR/Dldr.Cbeplay.P.28 20120404 Antiy-AVL Trojan/Win32.Injector 20120403 Avast Win32:Kryptik-IGL [Trj] 20120404 AVG Dropper.Generic5.BWLA 20120404 BitDefender Trojan.Generic.KDV.585013 20120404 ByteHero - 20120404 CAT-QuickHeal - 20120404 ClamAV - 20120404 Commtouch - 20120404 Comodo TrojWare.Win32.Trojan.Agent.Gen 20120404 DrWeb Trojan.DownLoad2.47162 20120404 Emsisoft Win32.Kryptik!IK 20120404 eSafe Win32.Kryptik.Adkc 20120404 eTrust-Vet - 20120404 F-Prot - 20120404 F-Secure Trojan.Generic.KDV.585013 20120404 Fortinet W32/Injector.DZEA!tr 20120404 GData Trojan.Generic.KDV.585013 20120404 Ikarus Win32.Kryptik 20120404 Jiangmin - 20120331 K7AntiVirus Trojan 20120404 Kaspersky Trojan-Dropper.Win32.Injector.dzea 20120404 McAfee PWS-Zbot.gen.ug 20120404 McAfee-GW-Edition PWS-Zbot.gen.ug 20120404 Microsoft TrojanDownloader:Win32/Cbeplay.P 20120404 NOD32 a variant of Win32/Kryptik.ADMI 20120404 Norman W32/Suspicious_Gen4.YOSK 20120404 nProtect Trojan.Generic.KDV.585013 20120404 Panda Suspicious file 20120404 PCTools - 20120404 Rising - 20120401 Sophos - 20120404 SUPERAntiSpyware - 20120402 Symantec - 20120404 TheHacker Trojan/Dropper.Injector.dzea 20120403 TrendMicro - 20120404 TrendMicro-HouseCall TROJ_GEN.R3ECDD4 20120404 VBA32 - 20120404 VIPRE Trojan.Win32.Generic!BT 20120404 ViRobot - 20120404 VirusBuster Trojan.DR.Injector!+7YMHbzV5ZI 20120404 Geändert von thegamecast1 (08.04.2012 um 22:44 Uhr) |
08.04.2012, 22:51 | #8 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi, ok, beide files packen und zu uns hochladen wie folgt: Datei hochladen: http://www.trojaner-board.de/54791-a...ner-board.html Folge den Anweisungen dort ... Danach das OTL-Script abfahren und über Nacht CureIT scannen lassen... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
08.04.2012, 22:55 | #9 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Ich kann die Dateien nicht mehr hochladen, da ich sie jetzt wie von dir beschrieben mit OTL entfernt hab. Hier das Logfile: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{64DD221D-7864-6C07-BD8F-E75A20002E18} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64DD221D-7864-6C07-BD8F-E75A20002E18}\ not found. C:\Users\Konrad\AppData\Roaming\Nekuru\pokiky.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Health Status deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. C:\Users\Konrad\AppData\Roaming\Wui folder moved successfully. C:\Users\Konrad\AppData\Roaming\ch8l0.exe moved successfully. ADS C:\ProgramData\Temp:CDFF58FE deleted successfully. ADS C:\ProgramData\Temp:93EB7685 deleted successfully. ADS C:\ProgramData\Temp:4D066AD2 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Konrad ->Temp folder emptied: 55950234 bytes ->Temporary Internet Files folder emptied: 36112055 bytes ->Java cache emptied: 5374458 bytes ->FireFox cache emptied: 11270445 bytes ->Google Chrome cache emptied: 26557156 bytes ->Opera cache emptied: 15930857 bytes ->Flash cache emptied: 16374211 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 557056 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6080 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 161,00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.39.2 log created on 04082012_234723 Files\Folders moved on Reboot... C:\Users\Konrad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot... |
08.04.2012, 23:18 | #10 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi, packe das Verzeichnis c:\_OTL\MovedFiles und lade es hoch... Dann Cureit... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
08.04.2012, 23:24 | #11 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Was meinst du mit "packen"? |
09.04.2012, 00:19 | #12 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi, wie in der Anweisung zum hochladen beschrieben mit z.b. 7zip die files packen... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
14.04.2012, 15:26 | #13 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Ich habe das Problem schon wieder. Der Trojaner ist zurück. Ich lasse OTL nochmal drüberlaufen. Es wäre schön, wenn du dir das nochmal angucken könntest und mir sagen könntest, wie ich diesen Trojaner mit OTL beseitigen könnte. Ich würde auch sofort danach den Upload-Channel und CureIT verwenden. Danke Hier die OTL-Logfiles:OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.04.2012 16:13:16 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konrad\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,68 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 75,07% Memory free 15,36 Gb Paging File | 13,32 Gb Available in Paging File | 86,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 34,61 Gb Free Space | 7,66% Space Free | Partition Type: NTFS Computer Name: KONRADBEUTNER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Users\Konrad\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e940e77e2e8cfd51f723acc172afeeef\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite (Testversion) 2012\WNt500x64\Sandra.sys File not found DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.3\iobitToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{DA134B43-34E6-4EF3-B31C-28F876E6E061}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.08 14:49:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.01 20:12:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.29 00:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\mozilla\Extensions [2012.04.11 22:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions [2012.03.29 00:15:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.04.03 03:22:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 00:16:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Konrad\AppData\Roaming\mozilla\Firefox\Profiles\fpzp62mj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.22 20:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.11 22:21:21 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2012.04.11 22:21:21 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF () (No name found) -- C:\USERS\KONRAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FPZP62MJ.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: SiteAdvisor = C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110616184056.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.3\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111030174251.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.3\iobitToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Konrad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E70310C-8B59-461E-AE70-50E29EC01F2A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{58ce6ce0-7996-11e1-b11f-1c7508cd9bb6}\Shell - "" = AutoRun O33 - MountPoints2\{58ce6ce0-7996-11e1-b11f-1c7508cd9bb6}\Shell\AutoRun\command - "" = E:\CMADownloader.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.14 16:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.04.14 15:50:28 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dPElrpbs.exe_ [2012.04.14 15:50:28 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dPElrpbs.exe [2012.04.14 14:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.14 14:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.04.13 00:20:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.04.13 00:20:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.04.13 00:20:34 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.04.13 00:20:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.04.13 00:20:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.04.13 00:20:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.04.13 00:20:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.04.13 00:20:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.04.13 00:20:32 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.04.13 00:20:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.04.13 00:20:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.04.13 00:20:16 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.04.13 00:20:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.04.13 00:20:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.04.13 00:16:43 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012.04.13 00:16:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.04.13 00:16:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.04.11 22:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.04.11 22:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar [2012.04.11 22:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.04.10 22:26:17 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\Spartan [2012.04.10 15:04:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2012.04.10 15:04:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2012.04.10 15:01:41 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.04.10 15:01:41 | 000,858,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll [2012.04.10 15:01:41 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.04.10 15:01:41 | 000,055,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll [2012.04.10 15:01:40 | 006,122,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.04.10 15:01:40 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.04.10 15:01:40 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.04.10 15:01:09 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.04.10 15:01:09 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.04.10 15:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.04.10 14:52:31 | 010,102,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.04.10 14:52:31 | 008,029,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.04.10 14:52:31 | 000,948,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.04.10 14:52:31 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.04.10 14:52:31 | 000,028,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys [2012.04.10 14:52:30 | 025,720,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.04.10 14:52:30 | 019,584,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.04.10 14:52:29 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.04.10 14:52:29 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2012.04.10 14:52:29 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2012.04.10 14:52:29 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2012.04.10 14:52:29 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.04.10 14:52:29 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.04.10 14:52:28 | 017,984,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.04.10 14:52:28 | 015,279,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.04.10 14:52:28 | 005,981,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.04.10 14:52:28 | 002,881,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.04.10 14:52:28 | 002,681,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.04.10 14:52:28 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.04.10 14:52:28 | 002,444,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.04.10 14:52:27 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.04.10 14:52:27 | 008,138,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.04.10 14:52:26 | 025,246,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.04.10 14:52:26 | 002,740,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.04.10 14:52:26 | 002,367,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.04.08 23:47:23 | 000,000,000 | ---D | C] -- C:\_OTL [2012.04.08 22:23:15 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Daedalic [2012.04.08 22:20:36 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment [2012.04.08 22:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daedalic Entertainment [2012.04.07 23:46:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Konrad\Desktop\OTL.exe [2012.04.07 18:00:59 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Nekuru [2012.04.07 01:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.04.03 03:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2012.03.29 23:19:08 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\Sony Corporation [2012.03.29 23:19:07 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\PS Vita [2012.03.29 23:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.03.27 23:23:27 | 000,000,000 | ---D | C] -- C:\Users\Konrad\Documents\LEGO Creations [2012.03.27 23:23:27 | 000,000,000 | ---D | C] -- C:\Users\Konrad\AppData\Roaming\LEGO Company [2012.03.27 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company [2012.03.27 23:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company [2012.03.18 14:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.03.18 14:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod ========== Files - Modified Within 30 Days ========== [2012.04.14 16:18:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.14 16:18:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.14 16:08:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.14 16:08:06 | 1888,518,143 | -HS- | M] () -- C:\hiberfil.sys [2012.04.14 15:50:26 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dPElrpbs.exe_ [2012.04.14 15:50:26 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dPElrpbs.exe [2012.04.14 15:40:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.14 14:30:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.04.14 14:29:03 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.04.14 14:19:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.13 00:23:03 | 001,636,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.04.13 00:23:03 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.04.13 00:23:03 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.04.13 00:23:03 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.04.13 00:23:03 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.10 15:16:13 | 000,000,222 | ---- | M] () -- C:\Users\Konrad\Desktop\Age of Empires Online.url [2012.04.08 22:20:36 | 000,002,195 | ---- | M] () -- C:\Users\Konrad\Desktop\Edna Bricht Aus.lnk [2012.04.08 19:34:44 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.04.08 19:34:43 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.04.08 19:34:43 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012.04.08 19:34:43 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2012.04.07 23:46:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Konrad\Desktop\OTL.exe [2012.04.07 01:04:53 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.06 21:19:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\f27jLU.dat [2012.04.06 14:36:24 | 000,001,243 | ---- | M] () -- C:\Users\Konrad\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.03 19:18:00 | 025,720,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.04.03 19:18:00 | 025,246,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.04.03 19:18:00 | 019,584,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.04.03 19:18:00 | 017,984,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.04.03 19:18:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.04.03 19:18:00 | 015,279,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.04.03 19:18:00 | 010,102,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.04.03 19:18:00 | 008,138,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.04.03 19:18:00 | 008,029,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.04.03 19:18:00 | 005,981,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.04.03 19:18:00 | 002,881,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.04.03 19:18:00 | 002,740,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.04.03 19:18:00 | 002,681,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.04.03 19:18:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.04.03 19:18:00 | 002,444,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.04.03 19:18:00 | 002,367,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.04.03 19:18:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.04.03 19:18:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2012.04.03 19:18:00 | 000,948,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.04.03 19:18:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.04.03 19:18:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2012.04.03 19:18:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2012.04.03 19:18:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.04.03 19:18:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.04.03 19:18:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.04.03 19:18:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.04.03 19:18:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys [2012.04.03 19:18:00 | 000,014,252 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.04.03 15:19:14 | 000,858,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll [2012.04.03 15:19:14 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.04.03 15:19:13 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.04.03 15:19:12 | 002,553,991 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.04.03 15:19:12 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.04.03 15:19:12 | 000,055,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll [2012.04.03 15:19:00 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.04.03 15:15:00 | 006,122,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.04.02 23:58:26 | 000,001,152 | ---- | M] () -- C:\Users\Konrad\Desktop\Torchlight Spielen!.lnk [2012.04.01 00:25:36 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.03.29 23:18:55 | 000,002,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk [2012.03.18 14:01:17 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.16 20:08:29 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.03.16 20:08:29 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe ========== Files Created - No Company Name ========== [2012.04.10 15:16:13 | 000,000,222 | ---- | C] () -- C:\Users\Konrad\Desktop\Age of Empires Online.url [2012.04.10 15:01:40 | 002,553,991 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.04.10 14:52:29 | 000,014,252 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.04.08 22:20:36 | 000,002,195 | ---- | C] () -- C:\Users\Konrad\Desktop\Edna Bricht Aus.lnk [2012.04.07 01:04:53 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.04.06 21:19:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\f27jLU.dat [2012.04.02 23:58:26 | 000,001,152 | ---- | C] () -- C:\Users\Konrad\Desktop\Torchlight Spielen!.lnk [2012.04.01 00:25:36 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.04.01 00:25:36 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.03.29 23:18:55 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk [2012.03.29 23:18:55 | 000,002,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inhaltsmanager-Assistent für PlayStation(R).lnk [2012.03.18 14:01:17 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.05 12:44:05 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.10.21 19:24:58 | 000,198,509 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe [2011.10.18 17:28:37 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 21:18:46 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.09.12 21:18:46 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.08.05 13:52:10 | 000,004,352 | ---- | C] () -- C:\Windows\SysWow64\drivers\TF0801.sys [2011.07.26 14:52:21 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.07.04 18:36:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.06.27 15:28:21 | 000,065,586 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp [2011.06.02 00:55:55 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.06.02 00:55:54 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.29 21:04:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.05.28 22:28:00 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.16 21:56:12 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.03.16 21:56:12 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe [2011.03.16 21:56:12 | 000,000,321 | ---- | C] () -- C:\Windows\PidList_C.ini [2010.11.17 15:30:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.11.17 14:56:27 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.11.17 14:55:51 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2010.11.17 14:48:15 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.11.17 14:48:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.11.17 14:48:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.11.17 14:48:14 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.11.17 14:48:11 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.04.2012 16:13:16 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konrad\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,68 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 75,07% Memory free 15,36 Gb Paging File | 13,32 Gb Available in Paging File | 86,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 34,61 Gb Free Space | 7,66% Space Free | Partition Type: NTFS Computer Name: KONRADBEUTNER | User Name: Konrad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8 "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FC1593-0BA0-4334-8786-E634FC011B69}_is1" = Underhell version 1.5 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2C38C251-DE7B-40DC-9D26-C54044348DE5}" = BBI USB WIRELESS CONTROLLER "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{3082E921-811D-4E9E-B991-3B65C6EA09FF}" = IObit Toolbar v5.3 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{46F45BBF-0516-495E-8230-0C301FA54D2B}" = Goin Downtown "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight "{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™ "{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™ "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F33360D-E0FA-4691-8D67-76CD5061D621}_is1" = Mercedes CLC Dream Test Drive "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{75E5C9C3-FE78-4A97-AFB1-D96FEE8F6FF8}" = JoypadConnect "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C37FCE0-C8BE-4EAC-82C1-809F1E6A0E8E}" = MAGIX Speed burnR (MSI) "{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones "{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-12-25) version 20111225.0 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Inhaltsmanager-Assistent für PlayStation(R) "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.199.107 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Civitas3" = Grand Ages Rome 1.11 "CSINYUbisoft" = CSI NY "EdnaSE" = Edna Bricht Aus "FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009 "Fraps" = Fraps (remove only) "Free Studio_is1" = Free Studio version 5.1.6 "Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "GamersFirst LIVE!" = GamersFirst LIVE! "GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™ "Identity Card" = Identity Card "ImgBurn" = ImgBurn "Incadia" = Incadia "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "Jack Keane" = Jack Keane "Kino Mogul" = Kino Mogul "LManager" = Launch Manager "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "MSC" = McAfee SecurityCenter "MTA:SA" = MTA:SA v1.0.5 "Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OnlineControl_is1" = OnlineControl 1.1 "OpenAL" = OpenAL "Opera 11.62.1347" = Opera 11.62 "Origin" = Origin "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "RACE_is1" = RACE "Rockstar Games Social Club" = Rockstar Games Social Club "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "Sam and Max - Season One" = Sam and Max - Season One 1.0 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 102700" = Alliance of Valiant Arms "Steam App 105400" = Fable III "Steam App 105430" = Age of Empires Online "Steam App 105600" = Terraria "Steam App 11020" = TrackMania Nations Forever "Steam App 110800" = L.A. Noire: The Complete Edition "Steam App 12120" = Grand Theft Auto: San Andreas "Steam App 12200" = Bully: Scholarship Edition "Steam App 13520" = Far Cry "Steam App 13540" = Tom Clancy's Rainbow Six: Vegas "Steam App 1500" = Darwinia "Steam App 1510" = Uplink "Steam App 1520" = DEFCON "Steam App 1530" = Multiwinia "Steam App 18700" = And Yet It Moves "Steam App 19900" = Far Cry 2 "Steam App 200900" = Cave Story+ "Steam App 202480" = Creation Kit "Steam App 204120" = LEGO Harry Potter: Years 5-7 "Steam App 20500" = Red Faction: Guerrilla "Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky "Steam App 215" = Source SDK Base 2006 "Steam App 220" = Half-Life 2 "Steam App 22380" = Fallout: New Vegas "Steam App 22480" = GECK - New Vegas Edition "Steam App 240" = Counter-Strike: Source "Steam App 24420" = Aquaria "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 24980" = Mass Effect 2 "Steam App 260" = Counter-Strike: Source Beta "Steam App 26500" = Cogs "Steam App 26900" = Crayon Physics Deluxe "Steam App 28000" = Kane & Lynch 2: Dog Days "Steam App 28050" = Deus Ex: Human Revolution "Steam App 32380" = Star Wars Jedi Knight: Dark Forces II "Steam App 32390" = Star Wars - Jedi Knight: Mysteries of the Sith "Steam App 32400" = Star Wars: Dark Forces "Steam App 33230" = Assassin's Creed II "Steam App 340" = Half-Life 2: Lost Coast "Steam App 35140" = Batman: Arkham Asylum GOTY Edition "Steam App 35700" = Trine "Steam App 3590" = Plants vs. Zombies: Game of the Year "Steam App 400" = Portal "Steam App 4000" = Garry's Mod "Steam App 40700" = Machinarium "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 40990" = Mafia "Steam App 41100" = Hammerfight "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat "Steam App 41800" = Gratuitous Space Battles "Steam App 42670" = Singularity "Steam App 42910" = Magicka "Steam App 43000" = Front Mission Evolved "Steam App 48720" = Mount & Blade: With Fire and Sword "Steam App 50130" = Mafia II "Steam App 55230" = Saints Row: The Third "Steam App 57900" = Duke Nukem Forever "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy "Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast "Steam App 6060" = Star Wars - Battlefront II "Steam App 6120" = Shank "Steam App 620" = Portal 2 "Steam App 62000" = Flight Control HD "Steam App 63710" = BIT.TRIP RUNNER "Steam App 6850" = Hitman 2: Silent Assassin "Steam App 6860" = Hitman: Blood Money "Steam App 6880" = Just Cause "Steam App 6900" = Hitman: Codename 47 "Steam App 70300" = VVVVVV "Steam App 71340" = Sonic Generations "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 7940" = Call of Duty 4: Modern Warfare "Steam App 8190" = Just Cause 2 "Steam App 8980" = Borderlands "Steam App 92000" = Hydrophobia: Prophecy "Steam App 94200" = Jamestown "Steam App 98800" = Dungeons of Dredmor "Steam App 99700" = NightSky "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.04.2012 09:56:13 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4041 Error - 09.04.2012 09:56:13 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4041 Error - 09.04.2012 09:56:14 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.04.2012 09:56:14 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5055 Error - 09.04.2012 09:56:14 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5055 Error - 09.04.2012 09:56:15 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.04.2012 09:56:15 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6053 Error - 09.04.2012 09:56:15 | Computer Name = KonradBeutner | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6053 Error - 12.04.2012 13:17:58 | Computer Name = KonradBeutner | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4ea78f27 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4f28cccc Ausnahmecode: 0xc0000005 Fehleroffset: 0x746bf1c9 ID des fehlerhaften Prozesses: 0x1de8 Startzeit der fehlerhaften Anwendung: 0x01cd18ce8f3d5339 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\konradbeutner97\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 72baeed9-84c3-11e1-ba1c-1c7508cd9bb6 Error - 12.04.2012 13:27:13 | Computer Name = KonradBeutner | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4ea78f27 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4f28cccc Ausnahmecode: 0xc0000005 Fehleroffset: 0x7465f1c9 ID des fehlerhaften Prozesses: 0x1b48 Startzeit der fehlerhaften Anwendung: 0x01cd18d089f5f443 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\konradbeutner97\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: bd3539db-84c4-11e1-ba1c-1c7508cd9bb6 [ System Events ] Error - 09.04.2012 08:42:07 | Computer Name = KonradBeutner | Source = bowser | ID = 8003 Description = Error - 09.04.2012 09:44:43 | Computer Name = KonradBeutner | Source = BROWSER | ID = 8032 Description = Error - 09.04.2012 15:07:32 | Computer Name = KonradBeutner | Source = BROWSER | ID = 8032 Description = Error - 10.04.2012 09:22:31 | Computer Name = KonradBeutner | Source = BROWSER | ID = 8032 Description = Error - 12.04.2012 10:24:28 | Computer Name = KonradBeutner | Source = BROWSER | ID = 8032 Description = Error - 12.04.2012 14:16:00 | Computer Name = KonradBeutner | Source = BROWSER | ID = 8032 Description = Error - 12.04.2012 15:35:20 | Computer Name = KonradBeutner | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?04.?2012 um 21:34:29 unerwartet heruntergefahren. Error - 14.04.2012 10:08:12 | Computer Name = KonradBeutner | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?04.?2012 um 16:06:47 unerwartet heruntergefahren. Error - 14.04.2012 10:09:15 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Client Virtualization Handler erreicht. Error - 14.04.2012 10:09:15 | Computer Name = KonradBeutner | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
14.04.2012, 21:40 | #14 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hi, Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\ProgramData\dPElrpbs.exe C:\ProgramData\FullRemove.exe
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
14.04.2012, 22:06 | #15 |
| Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. Hier ist der VirusTotal Scan von FullRemove: SHA256: 6dba4d3942c1d8896c0f992ccdd0d27c0ac5a9ee4b4a3a4b5c8950609c62ca5c File name: FullRemove.exe Detection ratio: 0 / 42 Analysis date: 2012-04-14 21:03:04 UTC ( 0 Minuten ago ) 2 0 More detailsAntivirus Result Update AhnLab-V3 - 20120414 AntiVir - 20120414 Antiy-AVL - 20120414 Avast - 20120414 AVG - 20120414 BitDefender - 20120414 ByteHero - 20120413 CAT-QuickHeal - 20120414 ClamAV - 20120414 Commtouch - 20120414 Comodo - 20120413 DrWeb - 20120414 Emsisoft - 20120414 eSafe - 20120412 eTrust-Vet - 20120413 F-Prot - 20120413 F-Secure - 20120414 Fortinet - 20120414 GData - 20120414 Ikarus - 20120414 Jiangmin - 20120414 K7AntiVirus - 20120414 Kaspersky - 20120414 McAfee - 20120414 McAfee-GW-Edition - 20120414 Microsoft - 20120414 NOD32 - 20120414 Norman - 20120414 nProtect - 20120414 Panda - 20120414 PCTools - 20120414 Rising - 20120413 Sophos - 20120414 SUPERAntiSpyware - 20120402 Symantec - 20120414 TheHacker - 20120414 TrendMicro - 20120414 TrendMicro-HouseCall - 20120414 VBA32 - 20120413 VIPRE - 20120414 ViRobot - 20120414 VirusBuster - 20120413 Die andere Datei kann ich nicht scannen, da sie schon von meinem Virenschutz entfernt wurde. |
Themen zu Internet Explorer startet automatisch mehrere Prozesse, die sich nich schließen lassen. |
automatisch, beenden, explorer, iexplorer.exe, internet, internet explorer, internet explorer startet automatisch, logfiles, lösung, mcafee, mehrere prozesse, neustart, notebook, opera, pcs, problem, prozesse, rechner, relativ, scan, scanner, schließen, startet, task-manager, trojaner, virenscanner, virenschutz, öffnen |