Log analysis and evaluation: Avira detection EXP/2011-3544.CQ.1 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.05.2012, 13:46 | #16 |
Avira detection EXP/2011-3544.CQ.1 So, I downloaded OTL again and saved it on the desktop. Here are the 2 logs: Code:
OTL logfile created on: 20.05.2012 14:36:40 - Run 4 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Joel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 63,92% Memory free 8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 54,08 Gb Free Space | 55,37% Space Free | Partition Type: NTFS Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe PRC - [2012.05.20 11:50:59 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 PRC - [2012.05.08 21:28:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.25 23:42:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) 
-- E:\Hamachi\hamachi-2-ui.exe PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe PRC - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2012.05.20 11:51:00 | 000,592,896 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0011\~de6248.tmp MOD - [2012.05.20 11:50:59 | 000,697,884 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0011\~df394b.tmp MOD - [2012.05.14 19:29:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.14 15:39:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.14 15:39:21 | 011,492,864 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.06 11:27:39 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll MOD - [2012.04.25 23:42:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.06.16 17:52:21 | 000,008,704 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll MOD - [2011.06.16 17:52:21 | 000,007,680 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll MOD - [2011.06.16 17:52:21 | 000,006,144 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.25 23:42:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.13 18:38:00 | 004,241,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.30 17:42:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.10.30 17:41:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.08.10 15:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- 
(HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 18:52:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.11.17 18:52:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.11.25 15:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = 
{2922AFAD-0159-43EB-8D35-9DA555BFC30A} IE - HKCU\..\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9 FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - 
HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:29:46 | 000,000,000 | ---D | M] [2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions [2012.05.19 15:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions [2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.05.19 15:23:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com [2012.05.14 21:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml [2012.05.14 16:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.14 16:33:33 | 000,000,000 | ---D | M] (Java Console) -- 
C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.05.11 18:24:02 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI [2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.05.14 16:33:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 
9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: BrowserPlus (from Yahoo!) 
v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [ASRockIES] File not found O4 - HKCU..\Run: [ASRockOCTuner] File not found O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [zASRockInstantBoot] File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - 
HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.20 14:34:04 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe [2012.05.14 19:42:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 [2012.05.14 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.05.14 16:33:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012.05.14 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.05.14 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Secunia PSI (BETA) [2012.05.14 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012.05.14 15:08:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.05.13 23:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2012.05.13 23:47:21 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2012.05.13 23:47:21 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2012.05.13 23:47:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.05.13 23:47:13 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2012.05.13 23:47:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2012.05.13 23:47:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2012.05.13 23:47:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2012.05.13 23:47:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2012.05.13 23:47:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2012.05.13 23:47:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2012.05.13 23:47:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2012.05.13 23:47:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2012.05.13 23:47:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2012.05.13 23:47:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe 
[2012.05.13 23:47:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2012.05.13 23:47:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2012.05.13 23:47:08 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.05.13 23:47:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.05.13 23:47:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012.05.13 23:47:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012.05.13 23:47:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.05.13 23:47:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.05.13 23:46:49 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2012.05.13 23:46:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012.05.13 23:46:46 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2012.05.13 23:46:45 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2012.05.13 23:46:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2012.05.13 23:46:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2012.05.13 23:46:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2012.05.13 23:46:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2012.05.13 23:46:37 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2012.05.13 23:46:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2012.05.13 23:46:37 | 
000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2012.05.13 23:44:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.05.13 23:44:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.05.13 23:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.05.13 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.13 11:22:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.05.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.12 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com [2012.05.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.12 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.05.12 12:08:29 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.05.12 12:08:28 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.05.12 12:08:28 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.05.12 12:08:22 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.05.12 
12:08:22 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.05.12 12:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.05.12 11:43:07 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.12 02:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes [2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.10 06:59:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 06:58:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 06:58:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 06:58:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.20 14:34:09 | 000,595,456 | ---- | M] 
(OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe [2012.05.20 13:53:11 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.20 13:53:11 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.20 11:55:10 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.20 11:55:10 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.20 11:55:10 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.20 11:55:10 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.20 11:55:10 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.20 11:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.20 11:50:29 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.05.15 12:56:47 | 000,307,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.14 19:42:40 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.05.14 16:33:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.05.14 16:33:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012.05.14 16:31:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2012.05.14 16:17:26 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.05.14 16:12:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.14 16:12:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.14 15:31:24 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.13 23:30:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012.05.13 23:30:22 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012.05.13 13:44:23 | 544,077,993 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.12 12:34:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.12 12:22:26 | 000,132,796 | ---- | M] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg [2012.05.12 12:15:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.05.12 12:08:04 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.05.12 12:08:04 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.05.12 12:08:04 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.05.12 12:08:04 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.05.12 12:08:04 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.05.12 02:22:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 
21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp [2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.14 19:42:40 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.05.14 16:31:29 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2012.05.14 16:17:26 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.05.14 16:07:48 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.05.13 13:44:23 | 544,077,993 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.05.12 12:34:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.12 12:22:18 | 000,132,796 | ---- | C] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg [2012.05.12 12:15:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.05.12 12:15:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.05.12 02:22:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp [2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- 
C:\Users\Joel\AppData\Roaming\.minecraft.rar [2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat [2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg [2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL ========== LOP Check ========== [2012.05.19 14:21:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft [2011.05.19 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\aaa [2011.02.03 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Ashampoo [2010.12.02 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited [2011.01.28 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FOG Downloader [2011.08.02 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack [2012.05.12 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\go [2012.02.13 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\gtk-2.0 [2012.05.20 14:36:43 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICQ [2012.01.14 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICSharpCode [2011.12.31 
01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech [2010.12.26 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\LolClient [2011.05.17 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++ [2012.01.14 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\NuGet [2010.11.02 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org [2010.10.30 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Opera [2011.08.16 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TeamViewer [2012.02.04 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Teeworlds [2012.04.23 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TS3Client [2012.03.18 10:47:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 20.05.2012 14:36:40 - Run 4
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 63,92% Memory free
8,00 Gb Paging File | 6,01 Gb Available in Paging File | 75,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 54,08 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015815D5-4987-4150-9D7A-F49B9F7D5396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{05EBCCD6-652A-44CA-94E9-E57F8FF52600}" = lport=2869 | protocol=6 | dir=in | app=system | "{06FA5D42-DFB0-43D1-B7D7-DFBA6422BACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{088EC2C0-2CEA-4D29-8E3A-5BC6E17937E1}" = rport=138 | protocol=17 | dir=out | app=system | "{0EDD4EB9-0141-455D-9869-5381630AA28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{11124883-B46D-4855-8250-DD475A4450D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{11A2AE83-0D1A-4044-9EA4-F3FC9A6AF2F9}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{12381292-6D93-4B38-9CAA-EB4B17D2AB73}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{19B708A7-7745-4D63-A51A-751417C1C5E1}" = lport=139 | protocol=6 | dir=in | app=system | "{2135EF7B-ABE1-4308-A8B5-B1E1D2F362F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{245E9322-C745-4F47-B696-F263FAD6BA38}" = lport=6889 | protocol=17 | dir=in | name=teeworlds 6889 | "{26E18C0F-89A8-40EE-B0E8-74745893CF29}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{2BCA9D23-17DE-40B5-8956-536B7F56943A}" = lport=445 | protocol=6 | dir=in | app=system | "{2DA99FB8-C4C6-4827-B4EB-134F1BBF2347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3846C789-5684-43E0-9C11-DDDA5AC2205A}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{3CE6A1A6-8931-4FDA-ACB7-0D68F8946B24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3DD2EBCF-BC0B-46F1-BEB1-CB58F2E65B7F}" = 
lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3FA2AA14-4FF3-41D9-9933-898491A8BD5E}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{4A9E817D-66BF-42F7-BE98-4F37970322BB}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | "{4C7BEE98-F2F3-4C05-84AC-40AF57B7367F}" = lport=8303 | protocol=6 | dir=in | name=teeworlds 8303 | "{541ADF90-38D5-4693-ACB5-4A564C8085F3}" = lport=10243 | protocol=6 | dir=in | app=system | "{57B3AD67-C67C-4D4B-81D1-24525953D8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{712ED346-27E9-411E-A1DB-BB3532EFD6B5}" = rport=445 | protocol=6 | dir=out | app=system | "{7550083D-8366-456B-B103-512A483711FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7FC55C48-E1F7-4431-B5DC-9F9D444A98F0}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{8CA0D869-4A94-4DDF-8AD7-1D6C6ABA9A6F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{90260A72-7C51-4B92-BBA0-C9601E4CFC14}" = lport=137 | protocol=17 | dir=in | app=system | "{94C425E1-132A-4F32-8420-B01024B7A645}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{AF4B6F89-C56C-4714-AB97-84E206950D7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFF3AA23-9A5C-4C27-A1A8-C71198CE1C9C}" = lport=138 | protocol=17 | dir=in | app=system | "{C8D3113E-3008-42E5-8128-862A1139E7E4}" = lport=8303 | protocol=17 | dir=in | name=teeworlds 8303 | "{C8FF6561-17F4-4395-97DD-A94AC3D92833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CFDEFD51-A904-405A-83E7-B82E240785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4CB7803-B589-43B8-A12D-6E054869F04F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{D6B45973-2137-4C51-89AF-88D1ED1B86DD}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{DADA2499-EB5D-4D4B-9C25-EB8AE22216D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DDE33CEC-4819-4165-8E5A-FC118D7824B2}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | "{E0F2A274-ACD8-4DAE-98E5-F9CB96999C05}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{E860FF78-F313-4A86-A9F6-4A25D60C7C76}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{E9F41EDC-A75F-4CF9-B45C-8B59470A88A0}" = rport=139 | protocol=6 | dir=out | app=system | "{EBAAA8FB-EE5E-4D9C-B789-DAFAF2302B15}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | "{EC717585-9A40-4B80-822F-B922F7225B6B}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{F7E65764-E8BC-43CD-8379-1B573B36D4F3}" = rport=10243 | protocol=6 | dir=out | app=system | "{FA262EBD-ADCA-44BE-8B37-025647D07DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA8481E5-AF40-4F49-821C-04D8A55A9539}" = rport=137 | protocol=17 | dir=out | app=system | "{FD9831E4-DDFC-45D7-9D5D-26B7A280F5D6}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{FE14AF1F-F279-4CF9-8D44-436CD5C52E30}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{05B3B126-5F17-43AC-B5F8-5308CBEBC442}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{0E866DD7-C829-40E7-86BB-7ADE18317CB1}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | "{1A15FD6B-66CC-4499-95F8-0A4704128839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1BD50DC6-91B6-4E81-93C0-D914DE6940BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1CAB8500-5FBC-4D0B-AC57-862DF5B4FCAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D6D9081-B49B-45A3-AD35-38697A98CBC5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{1DD0803B-C9BC-48F4-A29A-B2DFEA15FC3B}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{23C1D74F-982F-48CB-BE6E-179079715A8A}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{2980A7BE-7C96-472E-94E2-1655BFB5ABFC}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{3245222B-3529-4C6D-A44B-4965FD2D4BF2}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{33328ADB-1A55-4554-ADE1-97F6BDF67CB4}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{3CE72F82-D496-44CD-BEE9-59D94F70DA9F}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{42EE1539-3799-4CB6-9280-B99B08FA2E51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4AD08C25-9E9B-46D5-9CA6-F93EFADB2001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4FE91235-CB14-4A92-9197-76224023C725}" = protocol=58 | dir=in | app=system | "{5108EEC9-83CD-4EFE-A7B6-45EA62B06744}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{52764308-B504-4B40-934F-42FB2E462B67}" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | "{57B906E3-9808-4E95-B071-8E9A8546FF35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{5C244910-F9D9-439B-918F-22807DF574E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{600EFF9C-C1E7-4214-9C47-1328DFACD1B0}" = protocol=6 | dir=out | app=system | "{605C8B43-1D1D-4210-944C-326BD8D13605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61BFECEE-5A94-40F9-8395-3030C378BFCD}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{665EE240-9017-40A5-BC67-7E33C9BF1BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{69078C34-E2F9-4E08-B796-4CB9554E522C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6A1776CA-3594-4245-A668-15FD1BAFEAB0}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | "{76EF8693-A675-4258-878F-1E8331258C53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{792616E3-4491-4D5E-BF85-699167F5D06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CEEDD4F-F520-4689-BD77-E863AF242D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{80902871-5467-415E-8A7F-0FBC14CE5AAF}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | "{8132ECDD-BD30-4E30-83FF-DACEA64249B5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{8B718EAC-453F-4770-9A91-B722EDCB5229}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{8BD19A94-2866-4DB0-997C-BA8313179C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{90B29A8C-07D4-4FA8-B437-372618C0E054}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | "{95ACD2CD-8FBD-491F-B65E-93F7E61FC6A2}" = protocol=17 | dir=in | 
app=c:\windows\syswow64\pnkbstra.exe | "{A4D77DD2-7F25-4CDB-B66B-C2779EA49D70}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | "{A9461706-D7AA-451B-A0F0-35F0D8F86C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A9EA04DD-B6D9-49AF-84D0-34A21A9DC884}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{AD9F48D9-D24B-437B-8225-A71D72AB9D01}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{AF98AE5C-1802-4662-AB77-C4EAF0D40CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{BB3FDDCF-593C-4FED-8177-2CEBF9B876F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BD89DF75-6603-4B1E-8B3B-18571CE447EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BF72DDE1-60A7-4EC6-9F75-2A09A053835E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C760398A-B8AF-4F00-A259-1CD29D9C6248}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{C8EA45EE-3F6D-4393-8033-EF756008536B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D15DB42D-7FFD-441B-9CEC-FAFBADEC5832}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{DC00E59C-509D-47EE-94E7-8D35DAB582AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DCAA34C4-8967-42E4-9C78-E9956F3C99B8}" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | "{DCB87F33-6EC8-4205-8D96-4444FC969B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E3C22EB4-9D0A-4100-B80F-1720117B69AF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{EE2F26C4-A33E-4F03-9FA8-B391F9652B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEA942E7-DD54-4CE3-9BF6-302536EED318}" = protocol=6 | dir=in | app=c:\program files 
(x86)\teamviewer\version6\teamviewer.exe | "{EEFB4877-B4D1-46A2-80CB-68D11A9A95BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F18CDE47-D147-4493-8719-911BC85815F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{F55BAB88-E7B2-4587-83F1-F061E59292E9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{F6B7F342-6C59-467F-93A9-4DD469789FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7B31CA4-7E0F-4495-B49F-AADAF19AC1A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FCC5FE58-F9BF-4219-9C75-AF67E4D16254}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{FDB0D687-F909-4780-88F0-871C9B48F49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{073D0A6D-EA75-4A3D-999C-EFE9F9AE03BE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | "TCP Query User{08120891-AC55-4A3F-8B9A-7189CDB31059}E:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=e:\runes of magic\launcher.exe | "TCP Query User{0F5C36C0-7EE5-4213-BC9E-0A4C7E30463A}E:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urbanterror\iourbanterror.exe | "TCP Query User{1702350D-7D8E-49F4-BD9A-1481CBEC6825}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | "TCP Query User{1F5934C3-A05B-469D-A920-C93A55B72337}E:\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\runes of magic\client.exe | "TCP Query User{2DD4A950-554B-41AC-9BE5-1C9CB737EE03}E:\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=e:\age of empires 2\empires2.exe | "TCP Query User{33AE62CA-5396-44C9-8DEE-C79E74321E4D}E:\njam\njam.exe" = protocol=6 | dir=in | app=e:\njam\njam.exe | "TCP Query User{42355D16-A3D8-4F51-867C-4ECD1083F2F4}E:\mirc\mirc.exe" = protocol=6 | dir=in | 
app=e:\mirc\mirc.exe | "TCP Query User{60F5A421-F134-494C-9412-D47E063047C9}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | "TCP Query User{7D5DB9CE-ABFE-4DDF-A061-08CB79AEB9CF}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | "TCP Query User{967A166B-39B2-4214-B950-5B99F1604481}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{AC2CE038-B41C-4CFE-822D-AB7FB1D38E39}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{C3DDD949-FC0A-434A-9C69-5147C5752836}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | "UDP Query User{0A856155-4C77-4DCF-BEC9-D28558A76A27}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{0B31C258-5707-421D-A622-702B6C248E48}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | "UDP Query User{1EFF81D8-9DA8-4B64-968C-7E8EEC6943DE}E:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=e:\runes of magic\launcher.exe | "UDP Query User{2BD8ECDB-C61C-41D0-A08E-BB42CBDA032D}E:\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\runes of magic\client.exe | "UDP Query User{2C29389C-B73A-4E2B-B303-79A30D00295D}E:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urbanterror\iourbanterror.exe | "UDP Query User{34CBF9A0-42B6-4A84-8F3A-CF5C9765C80B}E:\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=e:\age of empires 2\empires2.exe | "UDP Query User{58AE977F-B7DC-4C39-835D-56EB78482958}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{753EADA8-C870-408E-B86E-DF7B0DA963A7}E:\njam\njam.exe" = protocol=17 | dir=in | 
app=e:\njam\njam.exe | "UDP Query User{9CE78EEB-CEBF-4F55-9179-B97C83428D8A}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | "UDP Query User{DE0C055B-D2C0-483F-B300-94D2EB7D1586}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | "UDP Query User{E0EB627E-59EE-48F3-A037-EDE088A9CFEE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{FDFE606C-9EA9-48A5-97BA-701C72E61D04}E:\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\mirc.exe | "UDP Query User{FEFAD096-12E3-4147-94AB-9DE82B585771}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = 
Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Explorer Suite_is1" = Explorer Suite III "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27A48664-BDDF-4AA3-8627-47CB8AC7D8A4}_is1" = Robokill "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War "{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "ASRock IES_is1" = ASRock IES v2.0.69 "ASRock 
InstantBoot_is1" = ASRock InstantBoot v1.24 "ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CamStudio" = CamStudio "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Divine Divinity" = Divine Divinity "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Foxit Reader_is1" = Foxit Reader 5.1 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93 "FreePascal_is1" = Free Pascal 2.6.0 "HyperCam 2" = HyperCam 2 "Icy Tower v1.5_is1" = Icy Tower v1.5 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "Jagged Alliance 2 Wildfire" = Jagged Alliance 2 Wildfire "Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business "Little Fighter 2" = Little Fighter 2 1.9c "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "mIRC" = mIRC "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Njam_is1" = Njam 1.21 "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.64.1403" = Opera 11.64 "Pangya" = Pangya (Ntreev SG Interactive) "Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood "Secunia PSI" = Secunia PSI (3.0.0.0006) "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "TmNationsForever_is1" = TmNationsForever "Urban Terror_is1" = Urban Terror 4.1 "VirtualCloneDrive" = VirtualCloneDrive "Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1 "VLC media player" = VLC media player 2.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live 
Essentials "WinRAR archiver" = WinRAR "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
21.05.2012, 08:27 | #17 | |
/// Helper Team | Avira detection EXP/2011-3544.CQ.1 1.
Quote:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {2922AFAD-0159-43EB-8D35-9DA555BFC30A}
IE - HKCU\..\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
2. Run another scan with OTL:
3. I can't place this one; what is it?
Code:
[2011.05.19 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\aaa
__________________ |
21.05.2012, 15:00 | #18 |
| Avira detection EXP/2011-3544.CQ.1 1. I ran the fix:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}\ not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" removed from keyword.URL
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Joel\Desktop\cmd.bat deleted successfully.
C:\Users\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Joel
->Temp folder emptied: 240232520 bytes
->Temporary Internet Files folder emptied: 134197006 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 962731618 bytes
->Google Chrome cache emptied: 10233460 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 2140 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233804604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.508,00 mb
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_154937
Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 21.05.2012 15:54:43 - Run 5 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Joel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,10% Memory free 8,00 Gb Paging File | 6,25 Gb Available in Paging File | 78,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 55,58 Gb Free Space | 56,92% Space Free | Partition Type: NTFS Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.21 15:52:12 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 PRC - [2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe PRC - [2012.05.08 21:28:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.25 23:42:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) 
-- E:\Hamachi\hamachi-2-ui.exe PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe PRC - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2012.05.21 15:52:12 | 000,697,884 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp MOD - [2012.05.21 15:52:12 | 000,592,896 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp MOD - [2012.05.14 19:29:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.14 15:39:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.14 15:39:21 | 011,492,864 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.04.25 23:42:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.06.16 17:52:21 | 000,008,704 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll MOD - [2011.06.16 17:52:21 | 000,007,680 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll MOD - [2011.06.16 17:52:21 | 000,006,144 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.25 23:42:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.13 18:38:00 | 004,241,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.30 17:42:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.10.30 17:41:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.08.10 15:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- 
(HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.17 18:52:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.11.17 18:52:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.11.25 15:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9 FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:29:46 | 000,000,000 | ---D | M] [2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions [2012.05.19 15:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions [2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.05.19 15:23:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com [2012.05.14 21:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml [2012.05.14 16:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.14 16:33:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.05.11 18:24:02 | 000,015,611 | ---- 
| M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI [2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.05.14 16:33:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla 
Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll 
(Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [ASRockIES] File not found O4 - HKCU..\Run: [ASRockOCTuner] File not found O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [zASRockInstantBoot] File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.20 14:34:04 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe [2012.05.14 19:42:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 [2012.05.14 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.05.14 16:33:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012.05.14 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.05.14 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Secunia PSI (BETA) [2012.05.14 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2012.05.14 15:08:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.05.13 23:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2012.05.13 23:47:21 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2012.05.13 23:47:21 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2012.05.13 23:47:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.05.13 23:47:13 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2012.05.13 23:47:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2012.05.13 23:47:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2012.05.13 23:47:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2012.05.13 23:47:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2012.05.13 23:47:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2012.05.13 23:47:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2012.05.13 23:47:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2012.05.13 23:47:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2012.05.13 23:47:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2012.05.13 23:47:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe 
[2012.05.13 23:47:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2012.05.13 23:47:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2012.05.13 23:47:08 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.05.13 23:47:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.05.13 23:47:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012.05.13 23:47:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012.05.13 23:47:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.05.13 23:47:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.05.13 23:46:49 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2012.05.13 23:46:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012.05.13 23:46:46 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2012.05.13 23:46:45 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2012.05.13 23:46:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2012.05.13 23:46:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2012.05.13 23:46:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2012.05.13 23:46:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2012.05.13 23:46:37 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2012.05.13 23:46:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2012.05.13 23:46:37 | 
000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2012.05.13 23:44:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.05.13 23:44:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.05.13 23:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.05.13 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.13 11:22:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.05.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.12 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com [2012.05.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.12 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.05.12 12:08:29 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.05.12 12:08:28 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.05.12 12:08:28 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.05.12 12:08:22 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.05.12 
12:08:22 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.05.12 12:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.05.12 11:43:07 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.12 02:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes [2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.10 06:59:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 06:58:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 06:58:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 06:58:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.21 15:51:29 | 000,067,584 | --S- | M] () 
-- C:\Windows\bootstat.dat [2012.05.21 15:51:25 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.05.21 15:50:47 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.21 15:50:47 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.21 14:55:09 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.21 14:55:09 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.21 14:55:09 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.21 14:55:09 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.21 14:55:09 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.20 14:34:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe [2012.05.15 12:56:47 | 000,307,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.14 19:42:40 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.05.14 16:33:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.05.14 16:33:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012.05.14 16:31:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2012.05.14 16:17:26 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.05.14 16:12:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.14 16:12:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.14 15:31:24 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.13 23:30:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012.05.13 23:30:22 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012.05.13 13:44:23 | 544,077,993 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.12 12:34:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.12 12:22:26 | 000,132,796 | ---- | M] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg [2012.05.12 12:15:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.05.12 12:08:04 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.05.12 12:08:04 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.05.12 12:08:04 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.05.12 12:08:04 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.05.12 12:08:04 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.05.12 02:22:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 
21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp [2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.14 19:42:40 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.05.14 16:31:29 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk [2012.05.14 16:17:26 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.05.14 16:07:48 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.05.13 13:44:23 | 544,077,993 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.05.12 12:34:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.12 12:22:18 | 000,132,796 | ---- | C] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg [2012.05.12 12:15:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.05.12 12:15:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.05.12 02:22:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp [2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- 
C:\Users\Joel\AppData\Roaming\.minecraft.rar [2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat [2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg [2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL ========== LOP Check ========== [2012.05.19 14:21:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft [2011.02.03 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Ashampoo [2010.12.02 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited [2011.01.28 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FOG Downloader [2011.08.02 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack [2012.05.12 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\go [2012.02.13 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\gtk-2.0 [2012.05.20 21:41:17 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICQ [2012.01.14 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICSharpCode [2011.12.31 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech 
[2010.12.26 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\LolClient
[2011.05.17 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++
[2012.01.14 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\NuGet
[2010.11.02 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org
[2010.10.30 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Opera
[2011.08.16 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TeamViewer
[2012.02.04 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Teeworlds
[2012.04.23 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TS3Client
[2012.03.18 10:47:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 21.05.2012 15:54:43 - Run 5
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,10% Memory free
8,00 Gb Paging File | 6,25 Gb Available in Paging File | 78,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 55,58 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,64 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015815D5-4987-4150-9D7A-F49B9F7D5396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{05EBCCD6-652A-44CA-94E9-E57F8FF52600}" = lport=2869 | protocol=6 | dir=in | app=system | "{06FA5D42-DFB0-43D1-B7D7-DFBA6422BACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{088EC2C0-2CEA-4D29-8E3A-5BC6E17937E1}" = rport=138 | protocol=17 | dir=out | app=system | "{0EDD4EB9-0141-455D-9869-5381630AA28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{11124883-B46D-4855-8250-DD475A4450D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{11A2AE83-0D1A-4044-9EA4-F3FC9A6AF2F9}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{12381292-6D93-4B38-9CAA-EB4B17D2AB73}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{19B708A7-7745-4D63-A51A-751417C1C5E1}" = lport=139 | protocol=6 | dir=in | app=system | "{2135EF7B-ABE1-4308-A8B5-B1E1D2F362F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{245E9322-C745-4F47-B696-F263FAD6BA38}" = lport=6889 | protocol=17 | dir=in | name=teeworlds 6889 | "{26E18C0F-89A8-40EE-B0E8-74745893CF29}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{2BCA9D23-17DE-40B5-8956-536B7F56943A}" = lport=445 | protocol=6 | dir=in | app=system | "{2DA99FB8-C4C6-4827-B4EB-134F1BBF2347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3846C789-5684-43E0-9C11-DDDA5AC2205A}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{3CE6A1A6-8931-4FDA-ACB7-0D68F8946B24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3DD2EBCF-BC0B-46F1-BEB1-CB58F2E65B7F}" = 
lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3FA2AA14-4FF3-41D9-9933-898491A8BD5E}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{4A9E817D-66BF-42F7-BE98-4F37970322BB}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | "{4C7BEE98-F2F3-4C05-84AC-40AF57B7367F}" = lport=8303 | protocol=6 | dir=in | name=teeworlds 8303 | "{541ADF90-38D5-4693-ACB5-4A564C8085F3}" = lport=10243 | protocol=6 | dir=in | app=system | "{57B3AD67-C67C-4D4B-81D1-24525953D8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{712ED346-27E9-411E-A1DB-BB3532EFD6B5}" = rport=445 | protocol=6 | dir=out | app=system | "{7550083D-8366-456B-B103-512A483711FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7FC55C48-E1F7-4431-B5DC-9F9D444A98F0}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{8CA0D869-4A94-4DDF-8AD7-1D6C6ABA9A6F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{90260A72-7C51-4B92-BBA0-C9601E4CFC14}" = lport=137 | protocol=17 | dir=in | app=system | "{94C425E1-132A-4F32-8420-B01024B7A645}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{AF4B6F89-C56C-4714-AB97-84E206950D7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFF3AA23-9A5C-4C27-A1A8-C71198CE1C9C}" = lport=138 | protocol=17 | dir=in | app=system | "{C8D3113E-3008-42E5-8128-862A1139E7E4}" = lport=8303 | protocol=17 | dir=in | name=teeworlds 8303 | "{C8FF6561-17F4-4395-97DD-A94AC3D92833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CFDEFD51-A904-405A-83E7-B82E240785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4CB7803-B589-43B8-A12D-6E054869F04F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{D6B45973-2137-4C51-89AF-88D1ED1B86DD}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{DADA2499-EB5D-4D4B-9C25-EB8AE22216D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DDE33CEC-4819-4165-8E5A-FC118D7824B2}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | "{E0F2A274-ACD8-4DAE-98E5-F9CB96999C05}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{E860FF78-F313-4A86-A9F6-4A25D60C7C76}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{E9F41EDC-A75F-4CF9-B45C-8B59470A88A0}" = rport=139 | protocol=6 | dir=out | app=system | "{EBAAA8FB-EE5E-4D9C-B789-DAFAF2302B15}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | "{EC717585-9A40-4B80-822F-B922F7225B6B}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{F7E65764-E8BC-43CD-8379-1B573B36D4F3}" = rport=10243 | protocol=6 | dir=out | app=system | "{FA262EBD-ADCA-44BE-8B37-025647D07DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA8481E5-AF40-4F49-821C-04D8A55A9539}" = rport=137 | protocol=17 | dir=out | app=system | "{FD9831E4-DDFC-45D7-9D5D-26B7A280F5D6}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{FE14AF1F-F279-4CF9-8D44-436CD5C52E30}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{05B3B126-5F17-43AC-B5F8-5308CBEBC442}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{0E866DD7-C829-40E7-86BB-7ADE18317CB1}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | "{1A15FD6B-66CC-4499-95F8-0A4704128839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1BD50DC6-91B6-4E81-93C0-D914DE6940BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1C3CDBD3-2ED0-4107-AE8E-8A4BB26D476D}" = protocol=58 | dir=in | app=system | "{1CAB8500-5FBC-4D0B-AC57-862DF5B4FCAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D6D9081-B49B-45A3-AD35-38697A98CBC5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{1DD0803B-C9BC-48F4-A29A-B2DFEA15FC3B}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{23C1D74F-982F-48CB-BE6E-179079715A8A}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{2980A7BE-7C96-472E-94E2-1655BFB5ABFC}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{3245222B-3529-4C6D-A44B-4965FD2D4BF2}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{33328ADB-1A55-4554-ADE1-97F6BDF67CB4}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{3B009646-4C28-4925-9134-435F98D54D15}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{3CE72F82-D496-44CD-BEE9-59D94F70DA9F}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{42EE1539-3799-4CB6-9280-B99B08FA2E51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4AD08C25-9E9B-46D5-9CA6-F93EFADB2001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5108EEC9-83CD-4EFE-A7B6-45EA62B06744}" = protocol=1 | dir=in | 
app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{52764308-B504-4B40-934F-42FB2E462B67}" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | "{57B906E3-9808-4E95-B071-8E9A8546FF35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{5C244910-F9D9-439B-918F-22807DF574E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{600EFF9C-C1E7-4214-9C47-1328DFACD1B0}" = protocol=6 | dir=out | app=system | "{605C8B43-1D1D-4210-944C-326BD8D13605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61BFECEE-5A94-40F9-8395-3030C378BFCD}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{665EE240-9017-40A5-BC67-7E33C9BF1BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{69078C34-E2F9-4E08-B796-4CB9554E522C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6A1776CA-3594-4245-A668-15FD1BAFEAB0}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | "{76EF8693-A675-4258-878F-1E8331258C53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{792616E3-4491-4D5E-BF85-699167F5D06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CEEDD4F-F520-4689-BD77-E863AF242D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{80902871-5467-415E-8A7F-0FBC14CE5AAF}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | "{8132ECDD-BD30-4E30-83FF-DACEA64249B5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{8B718EAC-453F-4770-9A91-B722EDCB5229}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{8BD19A94-2866-4DB0-997C-BA8313179C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{90B29A8C-07D4-4FA8-B437-372618C0E054}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{95ACD2CD-8FBD-491F-B65E-93F7E61FC6A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A4D77DD2-7F25-4CDB-B66B-C2779EA49D70}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | "{A9461706-D7AA-451B-A0F0-35F0D8F86C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A9EA04DD-B6D9-49AF-84D0-34A21A9DC884}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{AD9F48D9-D24B-437B-8225-A71D72AB9D01}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{AF98AE5C-1802-4662-AB77-C4EAF0D40CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{BB3FDDCF-593C-4FED-8177-2CEBF9B876F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BD89DF75-6603-4B1E-8B3B-18571CE447EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BF72DDE1-60A7-4EC6-9F75-2A09A053835E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C760398A-B8AF-4F00-A259-1CD29D9C6248}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{C8EA45EE-3F6D-4393-8033-EF756008536B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D15DB42D-7FFD-441B-9CEC-FAFBADEC5832}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{DC00E59C-509D-47EE-94E7-8D35DAB582AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DCAA34C4-8967-42E4-9C78-E9956F3C99B8}" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | "{DCB87F33-6EC8-4205-8D96-4444FC969B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E3C22EB4-9D0A-4100-B80F-1720117B69AF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{EE2F26C4-A33E-4F03-9FA8-B391F9652B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEA942E7-DD54-4CE3-9BF6-302536EED318}" = 
protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{EEFB4877-B4D1-46A2-80CB-68D11A9A95BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F18CDE47-D147-4493-8719-911BC85815F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{F6B7F342-6C59-467F-93A9-4DD469789FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7B31CA4-7E0F-4495-B49F-AADAF19AC1A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FCC5FE58-F9BF-4219-9C75-AF67E4D16254}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | "{FDB0D687-F909-4780-88F0-871C9B48F49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{073D0A6D-EA75-4A3D-999C-EFE9F9AE03BE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | "TCP Query User{08120891-AC55-4A3F-8B9A-7189CDB31059}E:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=e:\runes of magic\launcher.exe | "TCP Query User{0F5C36C0-7EE5-4213-BC9E-0A4C7E30463A}E:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urbanterror\iourbanterror.exe | "TCP Query User{1702350D-7D8E-49F4-BD9A-1481CBEC6825}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | "TCP Query User{1F5934C3-A05B-469D-A920-C93A55B72337}E:\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\runes of magic\client.exe | "TCP Query User{2DD4A950-554B-41AC-9BE5-1C9CB737EE03}E:\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=e:\age of empires 2\empires2.exe | "TCP Query User{33AE62CA-5396-44C9-8DEE-C79E74321E4D}E:\njam\njam.exe" = protocol=6 | dir=in | app=e:\njam\njam.exe | "TCP Query User{42355D16-A3D8-4F51-867C-4ECD1083F2F4}E:\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\mirc.exe | "TCP Query 
User{60F5A421-F134-494C-9412-D47E063047C9}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | "TCP Query User{7D5DB9CE-ABFE-4DDF-A061-08CB79AEB9CF}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | "TCP Query User{967A166B-39B2-4214-B950-5B99F1604481}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{AC2CE038-B41C-4CFE-822D-AB7FB1D38E39}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{C3DDD949-FC0A-434A-9C69-5147C5752836}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | "UDP Query User{0A856155-4C77-4DCF-BEC9-D28558A76A27}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{0B31C258-5707-421D-A622-702B6C248E48}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | "UDP Query User{1EFF81D8-9DA8-4B64-968C-7E8EEC6943DE}E:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=e:\runes of magic\launcher.exe | "UDP Query User{2BD8ECDB-C61C-41D0-A08E-BB42CBDA032D}E:\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\runes of magic\client.exe | "UDP Query User{2C29389C-B73A-4E2B-B303-79A30D00295D}E:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urbanterror\iourbanterror.exe | "UDP Query User{34CBF9A0-42B6-4A84-8F3A-CF5C9765C80B}E:\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=e:\age of empires 2\empires2.exe | "UDP Query User{58AE977F-B7DC-4C39-835D-56EB78482958}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{753EADA8-C870-408E-B86E-DF7B0DA963A7}E:\njam\njam.exe" = protocol=17 | dir=in | app=e:\njam\njam.exe | "UDP Query 
User{9CE78EEB-CEBF-4F55-9179-B97C83428D8A}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | "UDP Query User{DE0C055B-D2C0-483F-B300-94D2EB7D1586}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | "UDP Query User{E0EB627E-59EE-48F3-A037-EDE088A9CFEE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{FDFE606C-9EA9-48A5-97BA-701C72E61D04}E:\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\mirc.exe | "UDP Query User{FEFAD096-12E3-4147-94AB-9DE82B585771}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Explorer Suite_is1" = Explorer Suite III "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27A48664-BDDF-4AA3-8627-47CB8AC7D8A4}_is1" = Robokill "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War "{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.6161 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "ASRock IES_is1" = ASRock IES v2.0.69 "ASRock 
InstantBoot_is1" = ASRock InstantBoot v1.24 "ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CamStudio" = CamStudio "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Divine Divinity" = Divine Divinity "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Foxit Reader_is1" = Foxit Reader 5.1 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93 "FreePascal_is1" = Free Pascal 2.6.0 "HyperCam 2" = HyperCam 2 "Icy Tower v1.5_is1" = Icy Tower v1.5 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "Jagged Alliance 2 Wildfire" = Jagged Alliance 2 Wildfire "Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business "Little Fighter 2" = Little Fighter 2 1.9c "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "mIRC" = mIRC "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Njam_is1" = Njam 1.21 "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.64.1403" = Opera 11.64 "Pangya" = Pangya (Ntreev SG Interactive) "Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood "Secunia PSI" = Secunia PSI (3.0.0.0006) "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "TmNationsForever_is1" = TmNationsForever "Urban Terror_is1" = Urban Terror 4.1 "VirtualCloneDrive" = VirtualCloneDrive "Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1 "VLC media player" = VLC media player 2.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live 
Essentials "WinRAR archiver" = WinRAR "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
21.05.2012, 21:16 | #19 |
/// Helper Team | Avira detection EXP/2011-3544.CQ.1 Fix with OTL
Code:
:OTL
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
► Any other problems, or is everything in order?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
21.05.2012, 21:59 | #20 |
| Avira detection EXP/2011-3544.CQ.1 Here is the fix log: Code:
All processes killed
========== OTL ==========
File C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll not found.
C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Joel\Desktop\cmd.bat deleted successfully.
C:\Users\Joel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Joel
->Temp folder emptied: 61499 bytes
->Temporary Internet Files folder emptied: 7502267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 383539569 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1818 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 373,00 mb
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_225149
Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

Should I open a new thread about the bluescreens if any show up again?
Then another question: do you perhaps know a program (free would be good) that checks whether the drivers are up to date? And one more question about the compromise of a system: is it theoretically also possible that there are no symptoms and virus scanners find nothing either, because the system is, so to speak, reporting false information, and yet a virus is present on the PC? Thanks again for your help |
22.05.2012, 11:17 | #21 | ||||
/// Helper Team | Avira detection EXP/2011-3544.CQ.1 Quote:
Quote:
Quote:
** Keep your system under observation for the time being! 1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
CCleaner
2. Tool cleanup with OTL We will now use OTL's CleanUp! function to remove most of the programs that we installed for the cleanup from your system again.
3. Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This feature takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is also affected. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed: So please do the following:
4. As a precaution, I would advise you to change your passwords (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password - (one should really change it at regular intervals, about every 3-5 months) also here under: Secure password (Password) 5. ► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date! Reading material no. 1:
** Common sense and securely configuring Windows and Internet software are the best way to safety on the web!! Quote:
► Over time a lot of data junk can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us→ donation account regards kira
__________________ --> Avira detection EXP/2011-3544.CQ.1 Edited by kira (22.05.2012 at 11:23) |
27.05.2012, 11:03 | #22 |
| Avira detection EXP/2011-3544.CQ.1 I had 2 bluescreens again yesterday and one today as well. Should I keep using this thread or open a new one for that? |
27.05.2012, 20:33 | #23 |
/// Helper Team | Avira detection EXP/2011-3544.CQ.1 I have looked through all the log files once more. Well ... besides main problem no. 1 (that you were running without SP1 for quite a long time), there is in any case (also) a technical problem! I would suggest a complete reinstallation, since it is an optimal solution for fixing all computer problems. Searching for and fixing errors remotely over the Internet is often not possible. It then has the great advantage that, if your computer runs without errors, you can also definitively rule out a suspected virus. Afterwards, do not forget to install SP1 right away! Tips & help: -> Guide: Reinstalling the system + hardening -> Reinstalling (Windows XP, Vista and Windows 7) - guides