Log analysis and evaluation: "For security reasons your Windows system has been blocked" (Windows 7)
17.05.2012, 17:22 | #1 |
Today I opened a supposed order confirmation that came by e-mail. Unfortunately, the PC has not worked since then! I have already read something about OTL, but I know very little about it! I am now in safe mode and am asking for your help! I use IncrediMail, in case that is relevant!

Thank you in advance,
Bernhard Winkler

DDS logfile:
"{529854F3-2AAF-4443-87E6-CFE0006F5583}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{549B7F1A-AC81-4CE4-83D9-83D89E726367}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A86FBDE-74B1-4820-B2C2-F34203440959}" = dir=in | app=c:\windows\system32\lxeacoms.exe | "{5F5DFB41-6141-4F49-A207-A498989BF842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{607B68D3-4138-41A2-A4F0-5B5A52CC3CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{61621A2D-54B0-46ED-B004-0D0204CAEC30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6DF071B0-1763-4FF4-88B0-266BBA041FBB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{741BF52B-6453-43A7-A913-73C890AB4917}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7B4AA296-4826-41ED-9F33-331D8343A3D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{7C638378-1108-40FC-9BD6-779A0EB49DCD}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{87E013BE-694E-4B4D-9937-A67DE7FEE9BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{88E0C3B3-5E77-4509-B0E8-EC9EE7089DA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8A7414BA-4870-4B54-BF0D-A5CFF5055BCC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{8B64EB42-D62A-4312-8CE4-56897878C290}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{91C73D1B-6F1C-4157-87D4-99FCD8807D4A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{95ECB32F-30D7-4247-A9FE-7082AC751D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{99476265-69B4-4545-9B6F-36CEC4DDF4BD}" = protocol=6 | dir=out | app=system | "{9BF047CD-F146-44FC-9DC0-6FE82CB01343}" = protocol=17 | dir=in | 
app=c:\users\andrea&berni\desktop\a1modemkonfigurator.exe | "{9E36EA5C-52F9-4C5F-A7D7-6BB6A6BA0071}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{9FD43A6E-A3D6-4BC1-A0F0-B7C152194B94}" = protocol=6 | dir=in | app=c:\users\andrea&berni\desktop\a1modemkonfigurator.exe | "{A1443541-10CA-4A88-BA0E-A81AB4164826}" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "{A319FFCB-6A11-4FC4-A52D-C3AB2D77FC49}" = dir=in | app=c:\windows\system32\lxeacoms.exe | "{A461DD17-1ECC-4DAE-8C06-94648C959C1A}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{A53572E0-409C-4EC9-8793-B2A4BE8BE7B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6796CDB-107D-4011-B150-4F30C3D46209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A84ABC1B-353B-404F-9D36-D8E117B55345}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{AFD42B3F-9309-40FB-8A71-49003F8413CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B0404E99-2F03-405D-98A0-9452CFABBD46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B33DDF92-E163-44A4-B98C-C15D691BC782}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B689FE4F-A197-470B-A8C5-3BE71F0BE0BD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B6F9323A-1353-4648-984F-28E1DC75C9CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B9A33761-AD86-45D7-A1B6-3AD4B77A22E7}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{BBC829B1-7F2A-426E-B9F5-C8E477041664}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{CECCE5E2-159E-47DD-AA29-FB666269D48A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D7DBD1CD-3BC5-4F70-9751-3A9215DBCBA4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{DB5A2273-C3D5-4CD9-86BA-A066C2D9EDAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DD5208F1-9F9A-4006-99AC-EAE6A2B624A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{F4D189DE-0740-458C-851F-249851AF1C8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB25DB24-F0D4-45A2-9A89-0CA9515184B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "TCP Query User{1C43E418-A58F-4F8B-8C90-C36C8E2F7746}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{655D9CD5-5163-4BA6-A70C-DBA05B2E7518}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{72BC0BA7-0691-4009-AF46-FDA624F90BD0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{AB12B776-500C-4D35-AE02-973C1D08767E}E:\anno 2070\files\targetdir\autopatcher.exe" = protocol=6 | dir=in | app=e:\anno 2070\files\targetdir\autopatcher.exe | "TCP Query User{BA3DBDC0-92EB-48A1-B581-E5E8ECA1C488}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "TCP Query User{C5B25185-B515-468A-BE52-6BD705D90DD3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{D6FAC446-C82D-483C-B20C-C215D7282E59}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program 
files (x86)\bittorrent\bittorrent.exe | "TCP Query User{F69FEE2D-FB5A-4641-9E36-48170508C80D}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "UDP Query User{345239C9-3903-4AD9-894C-E8358F81CEB0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{34831F3A-B001-49D0-9A83-B378D89F0547}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "UDP Query User{3F1C4C57-CCA4-47D1-B63D-7ACCACDF70D0}E:\anno 2070\files\targetdir\autopatcher.exe" = protocol=17 | dir=in | app=e:\anno 2070\files\targetdir\autopatcher.exe | "UDP Query User{89F71698-6CDA-40E5-865D-1AC7D7ABC87A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{A5DE0216-3D39-43E6-82A5-709C525C56BD}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{A7A5A27B-AA34-48DC-A1C8-CA686F49963E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{C67D5DEA-3F73-4646-959E-CE7654CF06C2}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "UDP Query User{FF7A6B2D-EBC9-4939-9B37-8A5A1D5BA7CF}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{399C855A-6384-4C5D-A2C4-8C55B2C36E33}" = AuthenTec TrueSuite "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = 
iTunes "{E7DC06A3-8516-4929-B712-80987AFFFB57}" = Intel(R) PROSet/Wireless WiFi-Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Lexmark S300-S400 Series" = Lexmark S300-S400 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "ProInst" = Intel PROSet Wireless "sp6" = Logitech SetPoint 6.32 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}" = AuthenTec WinBio FingerPrint Software "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP 
Effects Basic "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3ec366ce-424e-481e-a960-162c8fdce12f}" = Nero 9 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Ultra Edition "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11 "{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies 
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D85149E-D7A0-4920-BEBF-B6CEDFED8D1E}" = MAGIX USB-Videowandler 2 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C4E03BC-974B-45ED-A0FB-E369E83C45DA}" = MAGIX Video easy Retten Sie Ihre Videokassetten! 
Edition "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.192 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" 
= Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "1917 - Der Aufstand_is1" = 1917 - Der Aufstand 1.04 "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "BabylonToolbar" = Babylon toolbar "BearShare" = BearShare "BearShare MediaBar" = MediaBar "BIPA FotoShop" = BIPA FotoShop "BitTorrent" = BitTorrent "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "dlancockpit" = devolo dLAN Cockpit "DriverFinder" = DriverFinder "ETKA" = ETKA "facemoods" = Facemoods Toolbar "FAT32 Format" = FAT32 Format "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Dub_is1" = Free Audio Dub version 1.7 "Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "IncrediMail" = IncrediMail 2.0 "IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IsoBuster_is1" = IsoBuster 1.9 "MAGIX_MSI_Video_easy_3_RYVT" = MAGIX Video easy Retten Sie Ihre Videokassetten! 
Edition "MainApp.exe_is1" = CloneDVD 4.1.0.23 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MyTomTom" = MyTomTom 3.1.0.530 "Nokia PC Suite" = Nokia PC Suite "Nokia Suite" = Nokia Suite "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OnlineFotoservice" = OnlineFotoservice "PhotoMail" = PhotoMail Maker "ProInst" = Intel PROSet Wireless "softonic-de3 Toolbar" = softonic-de3 Toolbar "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "FoxTab Video Converter" = FoxTab Video Converter "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.05.2012 14:34:33 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1311 Error - 15.05.2012 05:39:55 | Computer Name = Laptop | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1784 Startzeit: 01cd327e1d66e09e Endzeit: 220 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 17.05.2012 06:33:28 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc292 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002eb57 ID des fehlerhaften Prozesses: 0x2e2c Startzeit der fehlerhaften Anwendung: 0x01cd34137122c327 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: bce7a078-a00b-11e1-815e-002243c51624 Error - 17.05.2012 06:44:49 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IncMail.exe, Version: 6.2.9.5006, Zeitstempel: 0x4df9a500 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc015000f Fehleroffset: 0x00084621 ID des fehlerhaften Prozesses: 0xebc Startzeit der fehlerhaften Anwendung: 0x01cd3419bcdf3a74 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 52b96c03-a00d-11e1-af2a-002243c51624 Error - 17.05.2012 08:48:43 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc292 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002deef ID des fehlerhaften Prozesses: 0xcf0 Startzeit der fehlerhaften Anwendung: 0x01cd342a9b50a58a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a2226eab-a01e-11e1-aa86-002243c51624 Error - 17.05.2012 09:35:47 | 
Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.05.2012 09:35:47 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10281 Error - 17.05.2012 09:35:47 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10281 Error - 17.05.2012 12:03:22 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc292 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002deeb ID des fehlerhaften Prozesses: 0xe68 Startzeit der fehlerhaften Anwendung: 0x01cd34465b7cc6e3 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d32add04-a039-11e1-a1b6-002243c51624 Error - 17.05.2012 13:48:09 | Computer Name = Laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc292 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002dee0 ID des fehlerhaften Prozesses: 0x5a0 Startzeit der fehlerhaften Anwendung: 0x01cd3454f8de16c4 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\ctfmon.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 76a51756-a048-11e1-801d-002243c51624 [ Media Center Events ] Error - 24.08.2011 05:41:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 11:41:35 - Fehler beim Herstellen der Internetverbindung. 11:41:35 - Serververbindung konnte nicht hergestellt werden.. 
Error - 24.08.2011 05:41:41 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 11:41:40 - Fehler beim Herstellen der Internetverbindung. 11:41:40 - Serververbindung konnte nicht hergestellt werden.. Error - 26.08.2011 22:57:50 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 04:57:50 - Fehler beim Herstellen der Internetverbindung. 04:57:50 - Serververbindung konnte nicht hergestellt werden.. Error - 26.08.2011 22:58:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 04:57:55 - Fehler beim Herstellen der Internetverbindung. 04:57:55 - Serververbindung konnte nicht hergestellt werden.. Error - 10.10.2011 00:44:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 06:44:07 - Fehler beim Herstellen der Internetverbindung. 06:44:08 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2011 21:57:09 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 03:57:08 - Fehler beim Herstellen der Internetverbindung. 03:57:08 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2011 22:57:14 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 04:57:13 - Fehler beim Herstellen der Internetverbindung. 04:57:13 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2011 23:57:18 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 05:57:18 - Fehler beim Herstellen der Internetverbindung. 05:57:18 - Serververbindung konnte nicht hergestellt werden.. Error - 20.10.2011 00:57:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 06:57:23 - Fehler beim Herstellen der Internetverbindung. 06:57:23 - Serververbindung konnte nicht hergestellt werden.. Error - 24.10.2011 21:48:48 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 03:48:47 - Fehler beim Herstellen der Internetverbindung. 03:48:47 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 06.11.2011 12:00:18 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 06.11.2011 12:00:19 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 06.11.2011 12:00:20 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 07.11.2011 15:42:25 | Computer Name = Laptop | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 09.11.2011 12:23:43 | Computer Name = Laptop | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.1 mit dem Computer mit der Netzwerkhardwareadresse 00-30-05-2D-86-92 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 09.11.2011 15:06:51 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:51 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:52 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:52 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 12.11.2011 11:36:25 | Computer Name = Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. 
Der Treiber wurde entladen. < End of report > |
18.05.2012, 07:39 | #2 |
/// Helper Team | For security reasons your Windows system has been blocked Hello and a warm welcome!
__________________Before we begin working together, [please read completely]: Quote:
Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application (right mouse button) and choose "Run as administrator"!
1. If you cannot do any work on the PC in "normal mode" (e.g. download programs etc.), please try it in safe mode: ➔ While the computer is booting, press the [F8] key repeatedly until you get a selection, and try to download the programs recommended here. A black "selection screen" appears, where you should select Safe Mode with Networking!
2. Download Malwarebytes Anti-Malware → from here
3. Reboot and check whether you can already work in normal mode. If so, continue as follows:
4. Update Malwarebytes again -> run another full scan -> post the result
5. You installed OTL incorrectly: OTL must be saved on the desktop! Set your browser so that it saves OTL to the desktop! So remove it and download it again: -> Download OTL by Oldtimer and save it on your desktop. After installation, the log file should look roughly like this: Quote:
System scan with OTL Please download OTL by Oldtimer and save it on your desktop
7. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
Quote:
** If possible, do not go on the internet; no online banking, file sharing, chat programs etc. Regards, kira
__________________ |
18.05.2012, 21:12 | #3 |
| For security reasons your Windows system has been blocked Sorry, it took a little while, I had to go to the hospital....
__________________Thanks for your help Regards Bernhard Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.18.01 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Andrea&Berni :: LAPTOP [Administrator] Schutz: Deaktiviert 18.05.2012 09:27:16 mbam-log-2012-05-18 (09-27-16).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 504678 Laufzeit: 1 Stunde(n), 22 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|52F3F099 (Trojan.Agent.RNSGen) -> Daten: C:\Users\Andrea&Berni\AppData\Roaming\Ranlpo\4A47DF7A52F3F099E2E5.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\WGASetup.exe (Hacktool.WPA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Andrea&Berni\AppData\Roaming\Ranlpo\4A47DF7A52F3F099E2E5.exe (Trojan.Agent.RNSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 18.05.2012 22:21:58 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Andrea&Berni\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,46% Memory free 8,00 Gb Paging File | 6,17 Gb Available in Paging File | 77,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,11 Gb Total Space | 18,93 Gb Free Space | 16,30% Space Free | Partition Type: NTFS Drive D: | 115,70 Gb Total Space | 64,76 Gb Free Space | 55,97% Space Free | Partition Type: NTFS Drive E: | 117,19 Gb Total Space | 41,04 Gb Free Space | 35,02% Space Free | Partition Type: NTFS Drive F: | 116,67 Gb Total Space | 105,54 Gb Free Space | 90,46% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Andrea&Berni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Andrea&Berni\Desktop\OTL.exe (OldTimer Tools) PRC - C:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll () MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll () MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll () MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll () MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll () MOD - 
C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll () MOD - C:\Users\ANDREA~1\AppData\Local\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll () MOD - C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\pmc.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( ) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG) SRV - (lxea_device) -- C:\Windows\SysWOW64\lxeacoms.exe ( ) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite 
Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) 
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor64) -- C:\Windows\SysNative\drivers\PuAcpi64.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation) DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation) DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation) DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation) DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation) DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation) DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (FNETDEVI) -- C:\Windows\SysWOW64\drivers\FNETDEVI.SYS (FNet Co., Ltd.) 
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52f3f09900000000000000215d99bb44&tlver=1.4.19.19&affID=17160 IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 64 26 A1 EC 5F CB 01 [binary data] IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52f3f09900000000000000215d99bb44&tlver=1.4.19.19&affID=17160 IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{A9C9B17F-9CE9-4E85-BCB2-B25579A01B0E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=4E9DB2F7-5503-4CF6-A116-A085A60EC650&apn_sauid=BE6A04A3-BC1C-4F13-9CA4-D81DF9F836E8 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6R7MGeu975 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea&Berni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea&Berni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrea&Berni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.21 18:32:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.21 18:32:06 | 000,000,000 | ---D | M] [2011.06.19 16:56:36 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.03.24 20:45:06 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = 
C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files 
(x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Babylon Translator = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Facemoods = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1D4AD8-C498-433B-9510-98736ACA0888}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECB685C8-9C63-440C-AD9F-3DEB1F4B8D11}: DhcpNameServer = 169.254.0.1 169.254.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - 
C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\Shell - "" = AutoRun O33 - MountPoints2\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\Shell\AutoRun\command - "" = H:\PcOptions.exe O33 - MountPoints2\{da524262-234d-11e0-8660-00248c7314ef}\Shell - "" = AutoRun O33 - MountPoints2\{da524262-234d-11e0-8660-00248c7314ef}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.18 09:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.18 09:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.18 09:30:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe [2012.05.18 09:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.18 09:22:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.18 07:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.17 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Malwarebytes [2012.05.17 17:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.17 17:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.17 11:57:22 | 
000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Ranlpo [2012.05.11 20:54:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.11 20:54:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.11 20:54:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.11 20:54:34 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.08 10:05:07 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\FANTEC LD-H35NU2-2 Upgrade Firmware-v48 [2012.05.08 09:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Avira [2012.05.08 09:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.08 09:50:14 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 09:50:14 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 09:50:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.08 09:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.08 09:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.08 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Local\Logishrd [2012.05.08 09:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.05.08 09:33:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Leadertech [2012.05.08 09:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2012.05.08 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2012.05.08 09:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.05.08 09:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012.05.08 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common 
Files\LogiShrd [2012.05.08 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Logitech [2012.05.08 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Logishrd [2012.05.08 09:29:48 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.05.08 09:29:48 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2012.05.07 22:28:20 | 000,019,572 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysWow64\drivers\FNETDEVI.SYS [2012.05.07 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAT32 Format [2012.05.07 22:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FAT32 Format [2012.05.07 00:09:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.05.07 00:08:38 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.05.07 00:08:38 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2012.05.07 00:08:38 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2012.05.07 00:08:38 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.05.07 00:08:38 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.05.07 00:08:38 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.05.07 00:08:38 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.05.07 00:08:38 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2012.05.07 00:08:38 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2012.05.07 00:08:36 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012.05.07 00:08:36 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RTSnMg64.cpl [2012.05.07 00:08:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012.05.07 00:08:36 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012.05.07 00:08:36 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2012.05.07 00:08:36 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012.05.07 00:08:36 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012.05.07 00:08:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.05.07 00:08:34 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012.05.07 00:08:34 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2012.05.07 00:08:34 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.05.07 00:08:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.05.07 00:08:34 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012.05.07 00:08:34 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.05.07 00:08:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.05.07 00:08:34 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2012.05.07 00:08:33 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2012.05.07 00:08:33 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012.05.07 00:08:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.05.07 00:08:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RP3DAA64.dll [2012.05.07 00:08:33 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2012.05.07 00:08:31 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.05.07 00:08:31 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.05.07 00:08:31 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.05.07 00:08:30 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.05.07 00:08:30 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.05.07 00:08:30 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.05.07 00:08:29 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2012.05.07 00:08:28 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.05.07 00:08:28 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.05.07 00:08:27 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012.05.07 00:08:27 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.05.07 00:08:26 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012.05.07 00:08:26 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.05.07 00:08:15 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.05.07 00:08:14 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.05.07 00:08:14 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012.05.07 00:08:14 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012.05.07 00:08:14 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012.05.07 00:08:13 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.05.07 00:08:12 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.05.07 00:08:12 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.05.07 00:08:12 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.05.07 00:08:12 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.05.07 00:08:11 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.05.07 00:08:11 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.05.07 00:08:11 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.05.07 00:08:11 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.05.07 00:08:11 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.05.07 00:08:10 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.05.07 00:08:08 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2012.05.07 00:08:08 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2012.05.07 00:07:21 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Local\Hewlett-Packard [2012.05.06 23:59:56 | 000,000,000 | ---D | C] -- 
C:\Users\Andrea&Berni\AppData\Roaming\Intel [2012.05.06 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Roaming [2012.05.06 23:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.05.06 23:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.05.06 23:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2012.05.06 23:55:01 | 000,067,072 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimmpx64.sys [2012.05.06 23:55:01 | 000,057,856 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rixdpx64.sys [2012.05.06 23:55:01 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys [2012.05.06 23:54:32 | 000,000,000 | ---D | C] -- C:\DRIVERS [2012.05.05 17:31:14 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.05.04 19:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at [2012.05.04 18:01:34 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\XLink Kai [2012.05.04 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai [2012.05.04 18:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLink Kai [2012.05.04 17:17:18 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\Xbox [2012.05.03 19:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1917 - Der Aufstand [2012.05.03 19:11:54 | 000,000,000 | ---D | C] -- C:\games [2012.05.03 18:38:19 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys [2012.05.03 18:38:12 | 
000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys [2012.04.30 09:59:31 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\Einladungen Gutscheine [2012.04.26 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo [2012.04.26 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.04.26 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\devolo [2012.04.25 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark S300-S400 Series [2012.04.22 12:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.04.22 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2011.08.09 16:28:08 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Andrea&Berni\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.18 22:21:50 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.18 22:21:50 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.18 22:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.18 22:20:40 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.18 22:20:40 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.18 22:20:40 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.18 22:20:40 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.18 22:20:39 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.18 22:14:31 | 000,000,430 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.05.18 22:14:27 | 000,001,118 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.18 22:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.18 09:50:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.18 09:30:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe [2012.05.18 09:22:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.17 20:04:15 | 000,000,000 | ---- | M] () -- C:\Users\Andrea&Berni\defogger_reenable [2012.05.17 14:57:06 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.17 14:43:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183819916-2779571043-2576572107-1001UA.job [2012.05.17 10:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183819916-2779571043-2576572107-1001Core.job [2012.05.17 09:12:15 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2012.05.13 14:10:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.13 11:04:16 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.05.12 08:38:58 | 000,288,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.11 20:56:03 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.11 20:56:02 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 13:17:29 | 000,222,291 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2012.05.08 12:55:08 | 000,004,759 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.05.08 09:50:35 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.07 22:28:27 | 000,019,572 | ---- | M] (FNet Co., Ltd.) 
-- C:\Windows\SysWow64\drivers\FNETDEVI.SYS [2012.05.07 22:21:02 | 000,000,000 | -H-- | M] () -- C:\Users\Andrea&Berni\Documents\jyoEjQuOQQOttUssdseT [2012.05.06 23:59:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.05.06 23:57:23 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.05.05 17:31:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.05 17:31:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.05 17:31:14 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.05.03 19:16:45 | 000,000,734 | ---- | M] () -- C:\Users\Andrea&Berni\Desktop\1917 - Der Aufstand.lnk [2012.05.03 18:50:07 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012.05.03 18:49:04 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.05.03 18:47:23 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012.05.03 18:47:03 | 000,002,881 | ---- | M] () -- C:\Users\Public\Desktop\Nero 11.lnk [2012.05.03 18:46:19 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.18 09:50:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.18 09:22:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.17 20:04:15 | 000,000,000 | ---- | C] () -- C:\Users\Andrea&Berni\defogger_reenable [2012.05.17 09:12:15 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2012.05.13 14:10:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.08 12:54:37 | 000,004,759 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.05.08 09:50:35 | 
000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.07 22:21:02 | 000,000,000 | -H-- | C] () -- C:\Users\Andrea&Berni\Documents\jyoEjQuOQQOttUssdseT [2012.05.07 00:08:33 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.05.06 23:59:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\drivers\PuAcpi64.sys [2012.05.06 23:59:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.05.06 23:57:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.06 23:56:27 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\drivers\PS2.sys [2012.05.03 19:16:45 | 000,000,734 | ---- | C] () -- C:\Users\Andrea&Berni\Desktop\1917 - Der Aufstand.lnk [2012.05.03 18:50:07 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012.05.03 18:49:04 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.05.03 18:47:23 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012.05.03 18:47:03 | 000,002,881 | ---- | C] () -- C:\Users\Public\Desktop\Nero 11.lnk [2012.05.03 18:46:19 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2012.04.11 13:24:24 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll [2012.04.11 13:24:24 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll [2012.04.11 13:24:24 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll [2012.04.11 13:24:24 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll [2012.04.11 13:24:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll [2012.04.11 13:24:24 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe [2012.04.11 13:24:24 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll [2012.04.11 13:24:24 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe [2012.04.11 13:24:24 | 000,372,736 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxeacomm.dll [2012.04.11 13:24:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll [2012.04.11 13:24:24 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll [2012.04.11 13:24:24 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll [2012.04.11 13:24:24 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll [2012.04.11 13:24:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe [2012.04.11 13:24:24 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll [2012.04.11 13:24:24 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll [2012.04.11 13:24:24 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll [2012.04.11 13:24:24 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll [2012.04.11 13:24:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll [2012.04.11 13:24:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll [2012.04.11 13:24:24 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.08.10 14:24:10 | 000,000,000 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\GdsrvvgQrNJjooqLAAEsX [2011.08.10 14:24:10 | 000,000,000 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\fdvExujsgqTNjp [2011.08.09 16:28:57 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll [2011.08.09 16:28:08 | 000,001,167 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\pcouffin.inf [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- 
C:\Windows\SysWow64\nvStreaming.exe [2011.05.05 20:32:27 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.02.28 23:30:53 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe [2011.02.28 23:29:05 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2010.10.08 22:18:03 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.10.08 22:18:03 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.10.05 17:56:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.03 19:57:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.29 19:09:04 | 000,029,696 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < End of report >
CCleaner install file attached...
Edited by Winkitdi (18.05.2012 at 21:30) |
18.05.2012, 21:36 | #4 |
| For security reasons your Windows system has been blocked
Unfortunately I had to post again, I had too many characters..... Code:
ATTFilter OTL Extras logfile created on: 18.05.2012 22:21:58 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Andrea&Berni\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,46% Memory free 8,00 Gb Paging File | 6,17 Gb Available in Paging File | 77,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,11 Gb Total Space | 18,93 Gb Free Space | 16,30% Space Free | Partition Type: NTFS Drive D: | 115,70 Gb Total Space | 64,76 Gb Free Space | 55,97% Space Free | Partition Type: NTFS Drive E: | 117,19 Gb Total Space | 41,04 Gb Free Space | 35,02% Space Free | Partition Type: NTFS Drive F: | 116,67 Gb Total Space | 105,54 Gb Free Space | 90,46% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Andrea&Berni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{155011CC-2887-47D7-B82A-E82725C29D4D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1930EBDA-91BB-4BDB-A1A4-4ED23E6315D8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1D587989-CE9B-4EAB-80C4-CB0DEEA0BDCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EF55C76-A79E-4134-9F55-8A21C743CBA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{293A1673-E91B-48D6-A7B3-01500F30BA29}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2BC47FB4-989B-4A1B-9954-D2E92E7CC281}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2CCDD46D-9DBC-4A0D-B5FF-6809A906EDDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3243873A-B9CC-46AD-B20C-EDBBFABA28EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{336655F9-A805-4985-9E91-BDBDAC1F01D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{338E6891-78A2-47C5-9DCB-FEE0A2E1E07D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B986E31-1FB2-47C6-925B-B840D0E0F49D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FEAA475-15A0-4EEF-A38D-1D37E117300C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{46BBE506-A44D-415D-BBB0-80CF5B7DE9DD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{48A53B49-340C-4C3B-8F59-BAD7CFDF2B20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CC8C2C7-C987-421C-B794-3490B69EC94F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E01786F-2FAE-4199-AB9C-49C98B568260}" = rport=139 | protocol=6 | dir=out | app=system |
"{50156754-759B-4381-9E19-BF44E20620D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{566933D0-B880-4BB5-8FFD-6482856A6D40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62C77B54-A342-49D4-AB7F-1CAB6CDE8F14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{646DEDA9-759D-4438-A2D6-42C6286B6C1C}" = lport=19376 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe |
"{71CF9747-C9C7-4FB5-9FE5-092E8D1D5D86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73EB1C44-C3B7-4E99-98B3-B299CFDC63E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{752D1340-A949-420C-8B5D-1A009CDE8FF2}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B1EB835-6A3D-477A-ACC8-42843B78FC0C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92C0CCDB-AB30-4344-8291-900C51159C8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{945113BE-E881-466F-A7EC-9095E76D835E}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe |
"{A7294437-CEEB-4599-9D2A-DA1720CBA8B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4CE6BC4-D51E-46A1-B8A8-5C1B7CB58040}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B99954CD-420C-4FA2-ACE4-360A1527213A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BDD8B3B2-7FD7-4C5D-A272-C506F850A474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C054589A-00B5-4969-954A-392C1AE40C1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C53481CB-F694-4070-AC94-1330A275F1F9}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3F7FDCA-98D8-4913-96D0-9E85109F87AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4C50ED1-ADB6-4F2B-BD0A-CE1EC20F9ADF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4E7E02C-86FD-4DB3-ACC7-6084C07D13C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D53FAE67-4B25-4C18-8027-F9C1079684C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D5FB7222-997E-4EB9-B14C-3FF522C6C0BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E59DFB2A-1A26-4C4C-B39E-06F18DE0BBD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB29C5F6-7B06-4F04-A9D5-59C9DC636B3D}" = rport=137 | protocol=17 | dir=out | app=system |
"{ECEB22AF-0151-45CD-96A8-D90355E7AF4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED279D7F-D699-4DB0-AFC3-C9D75C30DCD7}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC6CDF-2FA8-4004-B20B-1C697F459D62}" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"{028A9EA2-899A-4534-8353-1C2C84A6B6EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{028C396B-0274-4542-834A-2D6A9F567727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{02DE59B1-4CAD-47AE-8729-B1112668F1B5}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{039A663F-7E35-4655-8A3B-E21A0F050558}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0454CFA3-5AE2-4061-BEF3-AECFA9A24A72}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{059DF861-DAF8-4397-97F9-45633B71152F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0631A06E-0C2C-4BB3-8E00-B432821C3657}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0E3461C6-B8DF-4DF4-AEF7-FD4304C6FEC0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1876B6E1-BF21-4811-92EE-26AE8DAE45B3}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{195764E3-6010-4F60-9779-25FDBD5D56E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1AB6A2FB-05B5-4E94-97B2-015177007BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1FECC8AE-EEB8-4618-9519-228738E7A0A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{2115B39A-B3F8-4E49-A23C-92544BDFF9E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe |
"{2632BCD6-2365-4D72-9BC8-ECADC39C290C}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{264DD277-0875-4456-9A67-91587D2344E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35367EB0-47BE-41FC-8DE8-CD0169A0F71C}" = protocol=6 | dir=in | app=f:\anno 2070 demo exe\initengine.exe |
"{358AC1DC-B220-45EB-B0B5-8578611707A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{412C9D39-FCA5-41D7-8BCF-6C68DC655CEE}" = protocol=17 | dir=in | app=f:\anno 2070 demo exe\anno5.exe |
"{46F43629-3CFE-4EA9-9996-8AC5D0FDE058}" = protocol=6 | dir=in | app=f:\anno 2070 demo exe\anno5.exe |
"{4AEB1B55-E024-4A2A-BCE3-F6C82A9A659B}" = protocol=17 | dir=in | app=f:\anno 2070 demo exe\initengine.exe |
"{501EA6F7-842F-4705-9E5E-57F611F6382D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{51ECBECB-2ACE-4889-AD0F-CF70DB85E398}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{529854F3-2AAF-4443-87E6-CFE0006F5583}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{549B7F1A-AC81-4CE4-83D9-83D89E726367}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A86FBDE-74B1-4820-B2C2-F34203440959}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{5F5DFB41-6141-4F49-A207-A498989BF842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{607B68D3-4138-41A2-A4F0-5B5A52CC3CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61621A2D-54B0-46ED-B004-0D0204CAEC30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DF071B0-1763-4FF4-88B0-266BBA041FBB}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{741BF52B-6453-43A7-A913-73C890AB4917}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7B4AA296-4826-41ED-9F33-331D8343A3D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7C638378-1108-40FC-9BD6-779A0EB49DCD}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{87E013BE-694E-4B4D-9937-A67DE7FEE9BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{88E0C3B3-5E77-4509-B0E8-EC9EE7089DA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A7414BA-4870-4B54-BF0D-A5CFF5055BCC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{8B64EB42-D62A-4312-8CE4-56897878C290}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{91C73D1B-6F1C-4157-87D4-99FCD8807D4A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{95ECB32F-30D7-4247-A9FE-7082AC751D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{99476265-69B4-4545-9B6F-36CEC4DDF4BD}" = protocol=6 | dir=out | app=system |
"{9BF047CD-F146-44FC-9DC0-6FE82CB01343}" = protocol=17 | dir=in | app=c:\users\andrea&berni\desktop\a1modemkonfigurator.exe |
"{9E36EA5C-52F9-4C5F-A7D7-6BB6A6BA0071}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{9FD43A6E-A3D6-4BC1-A0F0-B7C152194B94}" = protocol=6 | dir=in | app=c:\users\andrea&berni\desktop\a1modemkonfigurator.exe |
"{A1443541-10CA-4A88-BA0E-A81AB4164826}" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"{A319FFCB-6A11-4FC4-A52D-C3AB2D77FC49}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{A461DD17-1ECC-4DAE-8C06-94648C959C1A}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{A53572E0-409C-4EC9-8793-B2A4BE8BE7B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6796CDB-107D-4011-B150-4F30C3D46209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A84ABC1B-353B-404F-9D36-D8E117B55345}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe |
"{AFD42B3F-9309-40FB-8A71-49003F8413CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0404E99-2F03-405D-98A0-9452CFABBD46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B33DDF92-E163-44A4-B98C-C15D691BC782}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B689FE4F-A197-470B-A8C5-3BE71F0BE0BD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B6F9323A-1353-4648-984F-28E1DC75C9CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B9A33761-AD86-45D7-A1B6-3AD4B77A22E7}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{BBC829B1-7F2A-426E-B9F5-C8E477041664}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{CECCE5E2-159E-47DD-AA29-FB666269D48A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D7DBD1CD-3BC5-4F70-9751-3A9215DBCBA4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{DB5A2273-C3D5-4CD9-86BA-A066C2D9EDAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD5208F1-9F9A-4006-99AC-EAE6A2B624A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe |
"{F4D189DE-0740-458C-851F-249851AF1C8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB25DB24-F0D4-45A2-9A89-0CA9515184B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{1C43E418-A58F-4F8B-8C90-C36C8E2F7746}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{655D9CD5-5163-4BA6-A70C-DBA05B2E7518}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{72BC0BA7-0691-4009-AF46-FDA624F90BD0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{AB12B776-500C-4D35-AE02-973C1D08767E}E:\anno 2070\files\targetdir\autopatcher.exe" = protocol=6 | dir=in | app=e:\anno 2070\files\targetdir\autopatcher.exe |
"TCP Query User{BA3DBDC0-92EB-48A1-B581-E5E8ECA1C488}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{C5B25185-B515-468A-BE52-6BD705D90DD3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{D6FAC446-C82D-483C-B20C-C215D7282E59}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{F69FEE2D-FB5A-4641-9E36-48170508C80D}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"UDP Query User{345239C9-3903-4AD9-894C-E8358F81CEB0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{34831F3A-B001-49D0-9A83-B378D89F0547}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"UDP Query User{3F1C4C57-CCA4-47D1-B63D-7ACCACDF70D0}E:\anno 2070\files\targetdir\autopatcher.exe" = protocol=17 | dir=in | app=e:\anno 2070\files\targetdir\autopatcher.exe |
"UDP Query User{89F71698-6CDA-40E5-865D-1AC7D7ABC87A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{A5DE0216-3D39-43E6-82A5-709C525C56BD}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{A7A5A27B-AA34-48DC-A1C8-CA686F49963E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{C67D5DEA-3F73-4646-959E-CE7654CF06C2}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{FF7A6B2D-EBC9-4939-9B37-8A5A1D5BA7CF}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{399C855A-6384-4C5D-A2C4-8C55B2C36E33}" = AuthenTec TrueSuite
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{E7DC06A3-8516-4929-B712-80987AFFFB57}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"ProInst" = Intel PROSet Wireless
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}" = AuthenTec WinBio FingerPrint Software
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3ec366ce-424e-481e-a960-162c8fdce12f}" = Nero 9
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Ultra Edition
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D85149E-D7A0-4920-BEBF-B6CEDFED8D1E}" = MAGIX USB-Videowandler 2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4E03BC-974B-45ED-A0FB-E369E83C45DA}" = MAGIX Video easy Retten Sie Ihre Videokassetten! Edition
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.192
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"1917 - Der Aufstand_is1" = 1917 - Der Aufstand 1.04
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BabylonToolbar" = Babylon toolbar
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"BIPA FotoShop" = BIPA FotoShop
"BitTorrent" = BitTorrent
"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit
"dlancockpit" = devolo dLAN Cockpit
"DriverFinder" = DriverFinder
"ETKA" = ETKA
"facemoods" = Facemoods Toolbar
"FAT32 Format" = FAT32 Format
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Dub_is1" = Free Audio Dub version 1.7
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IsoBuster_is1" = IsoBuster 1.9
"MAGIX_MSI_Video_easy_3_RYVT" = MAGIX Video easy Retten Sie Ihre Videokassetten! Edition
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MyTomTom" = MyTomTom 3.1.0.530
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnlineFotoservice" = OnlineFotoservice
"PhotoMail" = PhotoMail Maker
"ProInst" = Intel PROSet Wireless
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"FoxTab Video Converter" = FoxTab Video Converter
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.05.2012 09:35:47 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10281

Error - 17.05.2012 12:03:22 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc292
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002deeb
ID des fehlerhaften Prozesses: 0xe68
Startzeit der fehlerhaften Anwendung: 0x01cd34465b7cc6e3
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: d32add04-a039-11e1-a1b6-002243c51624

Error - 17.05.2012 13:48:09 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ctfmon.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc292
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0002dee0
ID des fehlerhaften Prozesses: 0x5a0
Startzeit der fehlerhaften Anwendung: 0x01cd3454f8de16c4
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\ctfmon.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 76a51756-a048-11e1-801d-002243c51624

Error - 17.05.2012 15:58:05 | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = Programm IncMail.exe, Version 6.2.9.5006 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 97c
Startzeit: 01cd346648e629b3
Endzeit: 290
Anwendungspfad: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
Berichts-ID: 99f89ad3-a05a-11e1-8f8f-002243c51624

Error - 17.05.2012 18:32:27 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.05.2012 18:32:27 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584

Error - 17.05.2012 18:32:27 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

Error - 18.05.2012 03:15:14 | Computer Name = Laptop | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35

Error - 18.05.2012 16:14:10 | Computer Name = Laptop | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35

Error - 18.05.2012 16:18:19 | Computer Name = Laptop | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35

[ Media Center Events ]
Error - 24.08.2011 05:41:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 11:41:35 - Fehler beim Herstellen der Internetverbindung.
11:41:35 - Serververbindung konnte nicht hergestellt werden..

Error - 24.08.2011 05:41:41 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 11:41:40 - Fehler beim Herstellen der Internetverbindung.
11:41:40 - Serververbindung konnte nicht hergestellt werden..

Error - 26.08.2011 22:57:50 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 04:57:50 - Fehler beim Herstellen der Internetverbindung.
04:57:50 - Serververbindung konnte nicht hergestellt werden..

Error - 26.08.2011 22:58:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 04:57:55 - Fehler beim Herstellen der Internetverbindung.
04:57:55 - Serververbindung konnte nicht hergestellt werden..

Error - 10.10.2011 00:44:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 06:44:07 - Fehler beim Herstellen der Internetverbindung.
06:44:08 - Serververbindung konnte nicht hergestellt werden..

Error - 19.10.2011 21:57:09 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 03:57:08 - Fehler beim Herstellen der Internetverbindung.
03:57:08 - Serververbindung konnte nicht hergestellt werden..

Error - 19.10.2011 22:57:14 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 04:57:13 - Fehler beim Herstellen der Internetverbindung.
04:57:13 - Serververbindung konnte nicht hergestellt werden..

Error - 19.10.2011 23:57:18 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 05:57:18 - Fehler beim Herstellen der Internetverbindung.
05:57:18 - Serververbindung konnte nicht hergestellt werden..

Error - 20.10.2011 00:57:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 06:57:23 - Fehler beim Herstellen der Internetverbindung.
06:57:23 - Serververbindung konnte nicht hergestellt werden..
Error - 24.10.2011 21:48:48 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 03:48:47 - Fehler beim Herstellen der Internetverbindung. 03:48:47 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 09.11.2011 15:06:51 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:51 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:52 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:52 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 12.11.2011 11:36:25 | Computer Name = Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 13.11.2011 13:43:57 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 13.11.2011 13:43:58 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 13.11.2011 13:43:58 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 13.11.2011 13:43:59 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. 
Error - 14.11.2011 15:46:13 | Computer Name = Laptop | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.3 mit dem Computer mit der Netzwerkhardwareadresse 74-F0-6D-54-18-57 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. < End of report > Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.18.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrea&Berni :: LAPTOP [Administrator]
Schutz: Aktiviert
18.05.2012 22:37:47
mbam-log-2012-05-18 (22-37-47).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 505468
Laufzeit: 2 Stunde(n), 9 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
I have received yet another one of those strange files by e-mail!!!???? |
19.05.2012, 11:03 | #5 | |
/// Helper Team | For security reasons your Windows system has been blocked Bypassing "Windows Product Activation"... why? Quote:
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different places! Please pass this warning on wherever you can! |
22.05.2012, 07:36 | #6 |
| For security reasons your Windows system has been blocked That was on a Windows CD from my brother once; he used it for himself, no idea.... I have found that I cannot open a single picture; that is, they are there but they all have strange names... please help. Regards |
22.05.2012, 12:01 | #7 | ||||
/// Helper Team | For security reasons your Windows system has been blocked 1. Are these objects that were encrypted by a ransomware Trojan?: Quote:
Uninstall: Code:
ATTFilter BearShare BitTorrent BitTorrent Quote:
Besides, it is not only Trojan horses or other types of virus that need a direct connection; µtorrent & Co. also "phone home" when in use, even if there is no proof of this yet (at least not in part), and I would not recommend allowing such clients! As long as you have such programs on your PC, you will keep running into some kind of problem! 3. Uninstall, if present under Control Panel -> Software/Programs: Code:
ATTFilter Babylon toolbar Facemoods Toolbar IncrediMail MediaBar MediaBar softonic-de3 Toolbar
Always choose the custom installation, not the standard installation, because otherwise things you do not need or do not want are often installed along with it. During installation, always read the license terms, and do not immediately tick every box or leave pre-ticked boxes ticked, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed along with it, because that is how freeware finances itself. A few more belong in this category, e.g.: -> Unwanted toolbars Quote:
Quote:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52f3f09900000000000000215d99bb44&tlver=1.4.19.19&affID=17160
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=52f3f09900000000000000215d99bb44&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{A9C9B17F-9CE9-4E85-BCB2-B25579A01B0E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=4E9DB2F7-5503-4CF6-A116-A085A60EC650&apn_sauid=BE6A04A3-BC1C-4F13-9CA4-D81DF9F836E8
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6R7MGeu975
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea&Berni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea&Berni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
[2011.06.19 16:56:36 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.03.24 20:45:06 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - Extension: Babylon Translator = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Facemoods = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\Shell\AutoRun\command - "" = H:\PcOptions.exe
O33 - MountPoints2\{da524262-234d-11e0-8660-00248c7314ef}\Shell - "" = AutoRun
O33 - MountPoints2\{da524262-234d-11e0-8660-00248c7314ef}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
[2012.05.18 22:14:27 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.17 14:57:06 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.17 14:43:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183819916-2779571043-2576572107-1001UA.job
[2012.05.17 10:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183819916-2779571043-2576572107-1001Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
5. Run another scan with OTL:
6. Check the MBR with aswMBR from Avast
Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some details will open. Click Scan to start the scan.
When the scan has finished, which is reported with Scan finished sucessfull!, click Save log to save the log file.
Post the contents of aswASW.log from the desktop here in the thread.
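An added example, not part of the original posts and not OTL's own code: most of the fix script in the post above removes Internet Explorer SearchScopes entries left behind by toolbars. The sketch below parses OTL-style `SearchScopes` lines (sample lines copied from that script) and reports providers whose host is not on an allowlist, marking the one set as `DefaultScope`; the allowlist `ALLOWED_HOSTS` and all function names are assumptions made for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Assumption for this example: only these search hosts are expected.
ALLOWED_HOSTS = {"bing.com"}

# Sample lines copied from the OTL fix script quoted in the thread.
SAMPLE_LOG = r'''
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6R7MGeu975
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
'''

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Group 1: optional 64-bit marker, group 2: registry hive.
PREFIX = r"^IE(:64bit:)? - (HKLM|HKCU)\\\.\.\\SearchScopes"
DEFAULT_RE = re.compile(PREFIX + r",DefaultScope = (" + GUID + r")\s*$")
PROVIDER_RE = re.compile(PREFIX + r"\\(" + GUID + r'): "URL" = (\S+)\s*$')

Finding = namedtuple("Finding", "hive view guid host is_default")


def parse_search_scopes(text):
    """Group SearchScopes lines by (hive, view); other log lines are ignored."""
    scopes = {}
    for raw in text.splitlines():
        line = raw.strip()
        default = DEFAULT_RE.match(line)
        provider = PROVIDER_RE.match(line)
        match = default or provider
        if not match:
            continue
        # "64bit" when the log marks the entry, "unmarked" otherwise.
        key = (match.group(2), "64bit" if match.group(1) else "unmarked")
        entry = scopes.setdefault(key, {"default": None, "providers": {}})
        if default:
            entry["default"] = default.group(3).lower()
        else:
            entry["providers"][provider.group(3).lower()] = provider.group(4)
    return scopes


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True for an allowed domain or one of its subdomains, not for lookalikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit(text, allowed=ALLOWED_HOSTS):
    """Return findings for unexpected providers and dangling DefaultScope values."""
    findings = []
    for (hive, view), entry in parse_search_scopes(text).items():
        default = entry["default"]
        for guid, url in entry["providers"].items():
            try:
                host = urlsplit(url).hostname
            except ValueError:
                host = None  # unparsable URL: report it rather than skip it
            if not host_allowed(host, allowed):
                findings.append(Finding(hive, view, guid, host, guid == default))
        # DefaultScope naming a GUID with no provider entry in the same view.
        if default and default not in entry["providers"]:
            findings.append(Finding(hive, view, default, None, True))
    return sorted(findings, key=lambda f: (f.hive, f.view, f.guid))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        flag = "DEFAULT" if f.is_default else "       "
        print(f"{flag} {f.hive} [{f.view}] {f.guid} -> {f.host}")
```
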
22.05.2012, 12:33 | #8 |
| For security reasons your Windows system has been blocked Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found. File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found. File C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9C9B17F-9CE9-4E85-BCB2-B25579A01B0E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9C9B17F-9CE9-4E85-BCB2-B25579A01B0E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully. C:\Program Files (x86)\DNA\plugins\npbtdna.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchstonicde.xml moved successfully. File C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll not found. File C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0 not found. File C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0 not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d5c9a2-e42a-11e0-8ce8-002243c51624}\ not found. File H:\PcOptions.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da524262-234d-11e0-8660-00248c7314ef}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da524262-234d-11e0-8660-00248c7314ef}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da524262-234d-11e0-8660-00248c7314ef}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da524262-234d-11e0-8660-00248c7314ef}\ not found. File I:\LaunchU3.exe -a not found. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183819916-2779571043-2576572107-1001UA.job not found. File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183819916-2779571043-2576572107-1001Core.job not found. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Andrea&Berni\Desktop\cmd.bat deleted successfully. C:\Users\Andrea&Berni\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Andrea&Berni ->Temp folder emptied: 41464868 bytes ->Temporary Internet Files folder emptied: 441285949 bytes ->Java cache emptied: 2801864 bytes ->Google Chrome cache emptied: 241639115 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 150914 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2806549 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 3535737539 bytes Total Files Cleaned = 4.069,00 mb OTL by OldTimer - Version 3.2.43.0 log created on 05222012_132218 Files\Folders moved on Reboot... C:\Users\Andrea&Berni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 22.05.2012 13:34:42 - Run 2 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Andrea&Berni\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,31% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,11 Gb Total Space | 23,73 Gb Free Space | 20,44% Space Free | Partition Type: NTFS Drive D: | 115,70 Gb Total Space | 64,76 Gb Free Space | 55,97% Space Free | Partition Type: NTFS Drive E: | 117,19 Gb Total Space | 41,69 Gb Free Space | 35,58% Space Free | Partition Type: NTFS Drive F: | 116,67 Gb Total Space | 105,54 Gb Free Space | 90,46% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: LAPTOP | User Name: Andrea&Berni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.18 09:30:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe PRC - [2012.05.11 20:56:02 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.11 20:56:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 20:56:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.08.17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.05.03 14:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll MOD - [2012.05.09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll MOD - [2012.05.09 05:03:36 | 
000,553,456 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll MOD - [2012.05.09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.05.11 20:56:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 20:56:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.05 17:31:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.20 14:50:18 | 000,152,064 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.04.14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.11 20:56:03 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | 
Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 20:56:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.16 13:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.12.12 08:19:16 | 008,616,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: 
- [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.11.01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.11.01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.11.01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.11.01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.09 16:28:08 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.22 09:54:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.04.22 09:54:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.27 12:41:18 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.07.12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2010.07.12 13:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2009.09.03 20:14:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.09.03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.09.03 19:37:02 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.09.02 11:29:06 | 000,626,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009.09.01 15:31:42 | 000,649,984 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 22:44:48 | 000,015,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PuAcpi64.sys -- (MTsensor64) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - 
[2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2005.06.14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock) DRV - [2012.05.07 22:28:27 | 000,019,572 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FNETDEVI.SYS -- (FNETDEVI) DRV - [2011.12.12 20:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.06.10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 64 26 A1 EC 5F CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope 
= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrea&Berni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.21 18:32:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.21 18:32:06 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: 
(MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) 
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1D4AD8-C498-433B-9510-98736ACA0888}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECB685C8-9C63-440C-AD9F-3DEB1F4B8D11}: DhcpNameServer = 169.254.0.1 169.254.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.22 13:35:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andrea&Berni\Desktop\aswMBR.exe [2012.05.22 13:22:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.21 21:54:54 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\ImgBurn [2012.05.21 21:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.05.21 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.05.21 21:45:35 | 006,118,990 | ---- | C] (LIGHTNING UK!) 
-- C:\Users\Andrea&Berni\Desktop\SetupImgBurn_2.5.7.0.exe [2012.05.19 08:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.19 08:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.19 08:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.05.18 09:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.18 09:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.18 09:30:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe [2012.05.18 07:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.17 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Malwarebytes [2012.05.17 17:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.17 11:57:22 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Ranlpo [2012.05.11 20:54:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.11 20:54:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.11 20:54:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.11 20:54:34 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.08 10:05:07 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\FANTEC LD-H35NU2-2 Upgrade Firmware-v48 [2012.05.08 09:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Avira [2012.05.08 09:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.08 09:50:14 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 09:50:14 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 
09:50:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.08 09:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.08 09:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.08 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Local\Logishrd [2012.05.08 09:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.05.08 09:33:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Leadertech [2012.05.08 09:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2012.05.08 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2012.05.08 09:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.05.08 09:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012.05.08 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.05.08 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Logitech [2012.05.08 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Logishrd [2012.05.08 09:29:48 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.05.08 09:29:48 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2012.05.07 22:28:20 | 000,019,572 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysWow64\drivers\FNETDEVI.SYS [2012.05.07 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAT32 Format [2012.05.07 22:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FAT32 Format [2012.05.07 00:09:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.05.07 00:08:38 | 002,605,400 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\WavesGUILib.dll [2012.05.07 00:08:38 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2012.05.07 00:08:38 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2012.05.07 00:08:38 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.05.07 00:08:38 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.05.07 00:08:38 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.05.07 00:08:38 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.05.07 00:08:38 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2012.05.07 00:08:38 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2012.05.07 00:08:36 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012.05.07 00:08:36 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2012.05.07 00:08:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012.05.07 00:08:36 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012.05.07 00:08:36 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2012.05.07 00:08:36 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012.05.07 00:08:36 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2012.05.07 00:08:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.05.07 00:08:34 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012.05.07 00:08:34 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RtkApi64.dll [2012.05.07 00:08:34 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.05.07 00:08:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.05.07 00:08:34 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012.05.07 00:08:34 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.05.07 00:08:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.05.07 00:08:34 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2012.05.07 00:08:33 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2012.05.07 00:08:33 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012.05.07 00:08:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.05.07 00:08:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.05.07 00:08:33 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2012.05.07 00:08:31 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.05.07 00:08:31 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.05.07 00:08:31 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.05.07 00:08:30 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.05.07 00:08:30 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.05.07 00:08:30 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.05.07 00:08:29 | 001,247,576 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2012.05.07 00:08:28 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.05.07 00:08:28 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.05.07 00:08:27 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012.05.07 00:08:27 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.05.07 00:08:26 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012.05.07 00:08:26 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.05.07 00:08:15 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.05.07 00:08:14 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.05.07 00:08:14 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012.05.07 00:08:14 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012.05.07 00:08:14 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012.05.07 00:08:13 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.05.07 00:08:12 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.05.07 00:08:12 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.05.07 00:08:12 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.05.07 00:08:12 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.05.07 00:08:11 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.05.07 00:08:11 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.05.07 00:08:11 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.05.07 00:08:11 | 
000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.05.07 00:08:11 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.05.07 00:08:10 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.05.07 00:08:08 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2012.05.07 00:08:08 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2012.05.07 00:07:21 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Local\Hewlett-Packard [2012.05.06 23:59:56 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Intel [2012.05.06 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Roaming [2012.05.06 23:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.05.06 23:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.05.06 23:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2012.05.06 23:55:01 | 000,067,072 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimmpx64.sys [2012.05.06 23:55:01 | 000,057,856 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rixdpx64.sys [2012.05.06 23:55:01 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys [2012.05.06 23:54:32 | 000,000,000 | ---D | C] -- C:\DRIVERS [2012.05.05 17:31:14 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.05.04 19:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at [2012.05.04 18:01:34 | 000,000,000 | ---D | C] -- 
C:\Users\Andrea&Berni\AppData\Roaming\XLink Kai [2012.05.04 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai [2012.05.04 18:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLink Kai [2012.05.04 17:17:18 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\Xbox [2012.05.03 19:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1917 - Der Aufstand [2012.05.03 19:11:54 | 000,000,000 | ---D | C] -- C:\games [2012.05.03 18:38:19 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys [2012.05.03 18:38:12 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys [2012.04.30 09:59:31 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\Einladungen Gutscheine [2012.04.26 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo [2012.04.26 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.04.26 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\devolo [2012.04.25 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark S300-S400 Series [2011.08.09 16:28:08 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Andrea&Berni\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.05.22 13:35:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andrea&Berni\Desktop\aswMBR.exe [2012.05.22 13:34:51 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.22 13:34:51 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.22 13:33:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.22 13:33:52 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.22 13:33:52 
| 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.22 13:33:52 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.22 13:33:52 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.22 13:27:44 | 000,000,430 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.05.22 13:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.22 13:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.21 21:46:29 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.05.21 21:46:06 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Users\Andrea&Berni\Desktop\SetupImgBurn_2.5.7.0.exe [2012.05.18 09:50:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.18 09:30:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe [2012.05.13 14:10:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.13 11:04:16 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.05.12 08:38:58 | 000,288,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.11 20:56:03 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.11 20:56:02 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 13:17:29 | 000,222,291 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2012.05.08 12:55:08 | 000,004,759 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.05.08 09:50:35 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.07 22:28:27 | 000,019,572 | ---- | M] (FNet Co., Ltd.) 
-- C:\Windows\SysWow64\drivers\FNETDEVI.SYS [2012.05.07 22:21:02 | 000,000,000 | -H-- | M] () -- C:\Users\Andrea&Berni\Documents\jyoEjQuOQQOttUssdseT [2012.05.06 23:59:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.05.06 23:57:23 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.05.05 17:31:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.05 17:31:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.05 17:31:14 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.05.03 19:16:45 | 000,000,734 | ---- | M] () -- C:\Users\Andrea&Berni\Desktop\1917 - Der Aufstand.lnk [2012.05.03 18:50:07 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012.05.03 18:49:04 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.05.03 18:47:23 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012.05.03 18:47:03 | 000,002,881 | ---- | M] () -- C:\Users\Public\Desktop\Nero 11.lnk [2012.05.03 18:46:19 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk ========== Files Created - No Company Name ========== [2012.05.21 21:46:29 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.05.21 21:46:27 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.05.18 09:50:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.13 14:10:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.08 12:54:37 | 000,004,759 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.05.08 09:50:35 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.07 22:21:02 | 000,000,000 | -H-- | C] () -- 
C:\Users\Andrea&Berni\Documents\jyoEjQuOQQOttUssdseT [2012.05.07 00:08:33 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.05.06 23:59:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\drivers\PuAcpi64.sys [2012.05.06 23:59:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.05.06 23:57:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.06 23:56:27 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\drivers\PS2.sys [2012.05.03 19:16:45 | 000,000,734 | ---- | C] () -- C:\Users\Andrea&Berni\Desktop\1917 - Der Aufstand.lnk [2012.05.03 18:50:07 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012.05.03 18:49:04 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.05.03 18:47:23 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012.05.03 18:47:03 | 000,002,881 | ---- | C] () -- C:\Users\Public\Desktop\Nero 11.lnk [2012.05.03 18:46:19 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2012.04.11 13:24:24 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll [2012.04.11 13:24:24 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll [2012.04.11 13:24:24 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll [2012.04.11 13:24:24 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll [2012.04.11 13:24:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll [2012.04.11 13:24:24 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe [2012.04.11 13:24:24 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll [2012.04.11 13:24:24 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe [2012.04.11 13:24:24 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll [2012.04.11 13:24:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll [2012.04.11 
13:24:24 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll [2012.04.11 13:24:24 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll [2012.04.11 13:24:24 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll [2012.04.11 13:24:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe [2012.04.11 13:24:24 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll [2012.04.11 13:24:24 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll [2012.04.11 13:24:24 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll [2012.04.11 13:24:24 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll [2012.04.11 13:24:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll [2012.04.11 13:24:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll [2012.04.11 13:24:24 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.08.10 14:24:10 | 000,000,000 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\GdsrvvgQrNJjooqLAAEsX [2011.08.10 14:24:10 | 000,000,000 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\fdvExujsgqTNjp [2011.08.09 16:28:57 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll [2011.08.09 16:28:08 | 000,001,167 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\pcouffin.inf [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.05 20:32:27 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.02.28 
23:30:53 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe [2011.02.28 23:29:05 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2010.10.08 22:18:03 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.10.08 22:18:03 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.10.05 17:56:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.03 19:57:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.29 19:09:04 | 000,029,696 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010.09.29 19:51:28 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Canneverbe Limited [2012.05.17 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DAEMON Tools Lite [2012.05.17 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DeepBurner [2012.04.09 11:30:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DriverFinder [2012.03.11 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoft [2012.05.17 12:45:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.10 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\gtk-2.0 [2012.05.21 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\ImgBurn [2010.10.08 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\IrfanView [2012.05.08 09:33:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Leadertech [2010.11.25 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\MAGIX [2012.02.21 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Nokia [2011.11.02 09:19:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Nokia Ovi Suite [2012.02.21 21:35:29 | 000,000,000 | ---D | M] -- 
C:\Users\Andrea&Berni\AppData\Roaming\Nokia Suite
[2011.07.18 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\PC Suite
[2012.05.18 22:08:55 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Ranlpo
[2012.02.05 11:21:55 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Samsung
[2012.02.20 23:57:30 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Systweak
[2012.02.05 11:32:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Temp
[2011.11.16 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\TuneUp Software
[2011.12.14 00:22:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Ubisoft
[2011.08.09 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Vso
[2012.04.09 12:38:33 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\WinBatch
[2012.05.17 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\XLink Kai
[2012.04.14 22:28:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

rest follows....thx
Last edited by Winkitdi (22.05.2012 at 12:44) |
22.05.2012, 12:45 | #9 |
| For security reasons your Windows system has been blocked
Code:
OTL Extras logfile created on: 22.05.2012 13:34:42 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Andrea&Berni\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,31% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,11 Gb Total Space | 23,73 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Drive D: | 115,70 Gb Total Space | 64,76 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 41,69 Gb Free Space | 35,58% Space Free | Partition Type: NTFS
Drive F: | 116,67 Gb Total Space | 105,54 Gb Free Space | 90,46% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LAPTOP | User Name: Andrea&Berni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{155011CC-2887-47D7-B82A-E82725C29D4D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1930EBDA-91BB-4BDB-A1A4-4ED23E6315D8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1D587989-CE9B-4EAB-80C4-CB0DEEA0BDCF}" = lport=2869 | protocol=6 | dir=in | app=system | "{1EF55C76-A79E-4134-9F55-8A21C743CBA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{293A1673-E91B-48D6-A7B3-01500F30BA29}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2BC47FB4-989B-4A1B-9954-D2E92E7CC281}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2CCDD46D-9DBC-4A0D-B5FF-6809A906EDDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3243873A-B9CC-46AD-B20C-EDBBFABA28EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{336655F9-A805-4985-9E91-BDBDAC1F01D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{338E6891-78A2-47C5-9DCB-FEE0A2E1E07D}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B986E31-1FB2-47C6-925B-B840D0E0F49D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3FEAA475-15A0-4EEF-A38D-1D37E117300C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{46BBE506-A44D-415D-BBB0-80CF5B7DE9DD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{48A53B49-340C-4C3B-8F59-BAD7CFDF2B20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4CC8C2C7-C987-421C-B794-3490B69EC94F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E01786F-2FAE-4199-AB9C-49C98B568260}" = rport=139 | protocol=6 | dir=out | app=system | "{50156754-759B-4381-9E19-BF44E20620D6}" = lport=137 | protocol=17 | dir=in | app=system | "{566933D0-B880-4BB5-8FFD-6482856A6D40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62C77B54-A342-49D4-AB7F-1CAB6CDE8F14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{646DEDA9-759D-4438-A2D6-42C6286B6C1C}" = lport=19376 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{71CF9747-C9C7-4FB5-9FE5-092E8D1D5D86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{73EB1C44-C3B7-4E99-98B3-B299CFDC63E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{752D1340-A949-420C-8B5D-1A009CDE8FF2}" = lport=445 | protocol=6 | dir=in | app=system | "{8B1EB835-6A3D-477A-ACC8-42843B78FC0C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{92C0CCDB-AB30-4344-8291-900C51159C8A}" = rport=445 | protocol=6 | dir=out | app=system | "{945113BE-E881-466F-A7EC-9095E76D835E}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{A7294437-CEEB-4599-9D2A-DA1720CBA8B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4CE6BC4-D51E-46A1-B8A8-5C1B7CB58040}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B99954CD-420C-4FA2-ACE4-360A1527213A}" = rport=2869 | protocol=6 | dir=out | app=system | "{BDD8B3B2-7FD7-4C5D-A272-C506F850A474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C054589A-00B5-4969-954A-392C1AE40C1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C53481CB-F694-4070-AC94-1330A275F1F9}" = lport=139 | protocol=6 | dir=in | app=system | "{D3F7FDCA-98D8-4913-96D0-9E85109F87AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D4C50ED1-ADB6-4F2B-BD0A-CE1EC20F9ADF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4E7E02C-86FD-4DB3-ACC7-6084C07D13C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D53FAE67-4B25-4C18-8027-F9C1079684C6}" = lport=138 | protocol=17 | dir=in | app=system | "{D5FB7222-997E-4EB9-B14C-3FF522C6C0BD}" = rport=10243 | protocol=6 | dir=out | app=system | "{E59DFB2A-1A26-4C4C-B39E-06F18DE0BBD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EB29C5F6-7B06-4F04-A9D5-59C9DC636B3D}" = rport=137 | protocol=17 | dir=out | app=system | "{ECEB22AF-0151-45CD-96A8-D90355E7AF4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED279D7F-D699-4DB0-AFC3-C9D75C30DCD7}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CC6CDF-2FA8-4004-B20B-1C697F459D62}" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "{028A9EA2-899A-4534-8353-1C2C84A6B6EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{028C396B-0274-4542-834A-2D6A9F567727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{02DE59B1-4CAD-47AE-8729-B1112668F1B5}" = dir=in | app=c:\windows\system32\lxeacoms.exe | "{039A663F-7E35-4655-8A3B-E21A0F050558}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0454CFA3-5AE2-4061-BEF3-AECFA9A24A72}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{059DF861-DAF8-4397-97F9-45633B71152F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0E3461C6-B8DF-4DF4-AEF7-FD4304C6FEC0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{1876B6E1-BF21-4811-92EE-26AE8DAE45B3}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{195764E3-6010-4F60-9779-25FDBD5D56E9}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1AB6A2FB-05B5-4E94-97B2-015177007BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{1FECC8AE-EEB8-4618-9519-228738E7A0A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{2115B39A-B3F8-4E49-A23C-92544BDFF9E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{2632BCD6-2365-4D72-9BC8-ECADC39C290C}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{264DD277-0875-4456-9A67-91587D2344E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{35367EB0-47BE-41FC-8DE8-CD0169A0F71C}" = protocol=6 | dir=in | app=f:\anno 2070 demo exe\initengine.exe | "{358AC1DC-B220-45EB-B0B5-8578611707A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{412C9D39-FCA5-41D7-8BCF-6C68DC655CEE}" = protocol=17 | dir=in | app=f:\anno 2070 demo exe\anno5.exe | "{46F43629-3CFE-4EA9-9996-8AC5D0FDE058}" = protocol=6 | dir=in | app=f:\anno 2070 demo exe\anno5.exe | "{4AEB1B55-E024-4A2A-BCE3-F6C82A9A659B}" = protocol=17 | dir=in | app=f:\anno 2070 demo exe\initengine.exe | "{501EA6F7-842F-4705-9E5E-57F611F6382D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{529854F3-2AAF-4443-87E6-CFE0006F5583}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{549B7F1A-AC81-4CE4-83D9-83D89E726367}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A86FBDE-74B1-4820-B2C2-F34203440959}" = dir=in | app=c:\windows\system32\lxeacoms.exe | "{5F5DFB41-6141-4F49-A207-A498989BF842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{607B68D3-4138-41A2-A4F0-5B5A52CC3CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6DF071B0-1763-4FF4-88B0-266BBA041FBB}" = dir=in | 
app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{741BF52B-6453-43A7-A913-73C890AB4917}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7B4AA296-4826-41ED-9F33-331D8343A3D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{7C638378-1108-40FC-9BD6-779A0EB49DCD}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{87E013BE-694E-4B4D-9937-A67DE7FEE9BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{88E0C3B3-5E77-4509-B0E8-EC9EE7089DA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8A7414BA-4870-4B54-BF0D-A5CFF5055BCC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{8B64EB42-D62A-4312-8CE4-56897878C290}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{91C73D1B-6F1C-4157-87D4-99FCD8807D4A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{95ECB32F-30D7-4247-A9FE-7082AC751D0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{99476265-69B4-4545-9B6F-36CEC4DDF4BD}" = protocol=6 | dir=out | app=system | "{9E36EA5C-52F9-4C5F-A7D7-6BB6A6BA0071}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{A1443541-10CA-4A88-BA0E-A81AB4164826}" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "{A319FFCB-6A11-4FC4-A52D-C3AB2D77FC49}" = dir=in | app=c:\windows\system32\lxeacoms.exe | "{A461DD17-1ECC-4DAE-8C06-94648C959C1A}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{A53572E0-409C-4EC9-8793-B2A4BE8BE7B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6796CDB-107D-4011-B150-4F30C3D46209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A84ABC1B-353B-404F-9D36-D8E117B55345}" = protocol=6 | dir=in | app=c:\program files 
(x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{AFD42B3F-9309-40FB-8A71-49003F8413CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B0404E99-2F03-405D-98A0-9452CFABBD46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B33DDF92-E163-44A4-B98C-C15D691BC782}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B689FE4F-A197-470B-A8C5-3BE71F0BE0BD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B6F9323A-1353-4648-984F-28E1DC75C9CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D7DBD1CD-3BC5-4F70-9751-3A9215DBCBA4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "{DB5A2273-C3D5-4CD9-86BA-A066C2D9EDAF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DD5208F1-9F9A-4006-99AC-EAE6A2B624A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{F4D189DE-0740-458C-851F-249851AF1C8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB25DB24-F0D4-45A2-9A89-0CA9515184B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "TCP Query User{1C43E418-A58F-4F8B-8C90-C36C8E2F7746}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{655D9CD5-5163-4BA6-A70C-DBA05B2E7518}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{72BC0BA7-0691-4009-AF46-FDA624F90BD0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{AB12B776-500C-4D35-AE02-973C1D08767E}E:\anno 
2070\files\targetdir\autopatcher.exe" = protocol=6 | dir=in | app=e:\anno 2070\files\targetdir\autopatcher.exe | "TCP Query User{BA3DBDC0-92EB-48A1-B581-E5E8ECA1C488}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "TCP Query User{C5B25185-B515-468A-BE52-6BD705D90DD3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{D6FAC446-C82D-483C-B20C-C215D7282E59}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{F69FEE2D-FB5A-4641-9E36-48170508C80D}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "UDP Query User{345239C9-3903-4AD9-894C-E8358F81CEB0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{34831F3A-B001-49D0-9A83-B378D89F0547}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe | "UDP Query User{3F1C4C57-CCA4-47D1-B63D-7ACCACDF70D0}E:\anno 2070\files\targetdir\autopatcher.exe" = protocol=17 | dir=in | app=e:\anno 2070\files\targetdir\autopatcher.exe | "UDP Query User{89F71698-6CDA-40E5-865D-1AC7D7ABC87A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{A5DE0216-3D39-43E6-82A5-709C525C56BD}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{A7A5A27B-AA34-48DC-A1C8-CA686F49963E}C:\program files (x86)\google\google 
earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{C67D5DEA-3F73-4646-959E-CE7654CF06C2}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "UDP Query User{FF7A6B2D-EBC9-4939-9B37-8A5A1D5BA7CF}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{399C855A-6384-4C5D-A2C4-8C55B2C36E33}" = AuthenTec TrueSuite "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision 
Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{E7DC06A3-8516-4929-B712-80987AFFFB57}" = Intel(R) PROSet/Wireless WiFi-Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Lexmark S300-S400 Series" = Lexmark S300-S400 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "ProInst" = Intel PROSet Wireless "sp6" = Logitech SetPoint 6.32 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP 
Picasso Media Center Add-In "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}" = AuthenTec WinBio FingerPrint Software "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3ec366ce-424e-481e-a960-162c8fdce12f}" = Nero 9 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Ultra Edition "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8D85149E-D7A0-4920-BEBF-B6CEDFED8D1E}" = MAGIX USB-Videowandler 2 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C4E03BC-974B-45ED-A0FB-E369E83C45DA}" = MAGIX Video easy Retten Sie Ihre Videokassetten! 
Edition "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D5B46D30-F054-4C64-9C0F-97C8451E7D04}" = BtwMfcMM "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.192 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" 
= Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "1917 - Der Aufstand_is1" = 1917 - Der Aufstand 1.04 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Free Antivirus "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "BIPA FotoShop" = BIPA FotoShop "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "dlancockpit" = devolo dLAN Cockpit "DriverFinder" = DriverFinder "ETKA" = ETKA "FAT32 Format" = FAT32 Format "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Dub_is1" = Free Audio Dub version 1.7 "Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "ImgBurn" = ImgBurn "IncrediMail" = IncrediMail 2.0 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IsoBuster_is1" = IsoBuster 1.9 "MAGIX_MSI_Video_easy_3_RYVT" = MAGIX Video easy Retten Sie Ihre Videokassetten! 
Edition "MainApp.exe_is1" = CloneDVD 4.1.0.23 "MyTomTom" = MyTomTom 3.1.0.530 "Nokia PC Suite" = Nokia PC Suite "Nokia Suite" = Nokia Suite "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OnlineFotoservice" = OnlineFotoservice "PhotoMail" = PhotoMail Maker "ProInst" = Intel PROSet Wireless "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab Video Converter" = FoxTab Video Converter "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.05.2012 18:32:27 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 18.05.2012 03:15:14 | Computer Name = Laptop | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 18.05.2012 16:14:10 | Computer Name = Laptop | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 18.05.2012 16:18:19 | Computer Name = Laptop | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! 
Fehlercode: 0x35 Error - 19.05.2012 01:58:59 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 19.05.2012 01:58:59 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 19.05.2012 01:58:59 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 21.05.2012 15:45:08 | Computer Name = Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andrea&Berni\Downloads\SoftonicDownloader_fuer_imgburn.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 21.05.2012 15:45:09 | Computer Name = Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andrea&Berni\Downloads\SoftonicDownloader_fuer_imgburn.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 22.05.2012 03:08:51 | Computer Name = Laptop | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andrea&Berni\Downloads\SoftonicDownloader_fuer_imgburn.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ Media Center Events ] Error - 24.08.2011 05:41:35 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 11:41:35 - Fehler beim Herstellen der Internetverbindung. 11:41:35 - Serververbindung konnte nicht hergestellt werden.. Error - 24.08.2011 05:41:41 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 11:41:40 - Fehler beim Herstellen der Internetverbindung. 11:41:40 - Serververbindung konnte nicht hergestellt werden.. Error - 26.08.2011 22:57:50 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 04:57:50 - Fehler beim Herstellen der Internetverbindung. 04:57:50 - Serververbindung konnte nicht hergestellt werden.. Error - 26.08.2011 22:58:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 04:57:55 - Fehler beim Herstellen der Internetverbindung. 04:57:55 - Serververbindung konnte nicht hergestellt werden.. Error - 10.10.2011 00:44:10 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 06:44:07 - Fehler beim Herstellen der Internetverbindung. 06:44:08 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2011 21:57:09 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 03:57:08 - Fehler beim Herstellen der Internetverbindung. 
03:57:08 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2011 22:57:14 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 04:57:13 - Fehler beim Herstellen der Internetverbindung. 04:57:13 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2011 23:57:18 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 05:57:18 - Fehler beim Herstellen der Internetverbindung. 05:57:18 - Serververbindung konnte nicht hergestellt werden.. Error - 20.10.2011 00:57:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 06:57:23 - Fehler beim Herstellen der Internetverbindung. 06:57:23 - Serververbindung konnte nicht hergestellt werden.. Error - 24.10.2011 21:48:48 | Computer Name = Laptop | Source = MCUpdate | ID = 0 Description = 03:48:47 - Fehler beim Herstellen der Internetverbindung. 03:48:47 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 09.11.2011 15:06:51 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:51 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:52 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 09.11.2011 15:06:52 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 12.11.2011 11:36:25 | Computer Name = Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. 
Error - 13.11.2011 13:43:57 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 13.11.2011 13:43:58 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 13.11.2011 13:43:58 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 13.11.2011 13:43:59 | Computer Name = Laptop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR5 gefunden. Error - 14.11.2011 15:46:13 | Computer Name = Laptop | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.3 mit dem Computer mit der Netzwerkhardwareadresse 74-F0-6D-54-18-57 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. < End of report > Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-22 13:36:39
-----------------------------
13:36:39.564 OS Version: Windows x64 6.1.7601 Service Pack 1
13:36:39.564 Number of processors: 2 586 0x1706
13:36:39.564 ComputerName: LAPTOP UserName:
13:36:43.043 Initialize success
13:40:45.692 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:40:45.696 Disk 0 Vendor: ST9250320AS 0303 Size: 238475MB BusType: 11
13:40:45.698 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
13:40:45.700 Disk 1 Vendor: ST9250320AS 0303 Size: 238475MB BusType: 11
13:40:45.728 Disk 1 MBR read successfully
13:40:45.730 Disk 1 MBR scan
13:40:45.733 Disk 1 Windows 7 default MBR code
13:40:45.741 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:40:45.755 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 118900 MB offset 206848
13:40:45.792 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 119473 MB offset 243714048
13:40:45.844 Disk 1 scanning C:\Windows\system32\drivers
13:40:59.125 Service scanning
13:41:20.316 Modules scanning
13:41:20.331 Disk 1 trace - called modules:
13:41:20.604 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:41:20.617 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004c356e0]
13:41:20.632 3 CLASSPNP.SYS[fffff880019b643f] -> nt!IofCallDriver -> [0xfffffa8004699520]
13:41:20.659 5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046d51f0]
13:41:20.668 Scan finished successfully
13:46:32.744 Disk 1 MBR has been saved successfully to "C:\Users\Andrea&Berni\Desktop\MBR.dat"
13:46:32.749 The log file has been saved successfully to "C:\Users\Andrea&Berni\Desktop\aswMBR.txt"
22.05.2012, 22:02 | #10 |
/// Helper team | For security reasons your Windows system has been blocked
System cleanup and check:
1. Remove from autostart (runs unnecessarily): Quote:
2. I can't place this one, what is it?: Code:
C:\Users\Andrea&Berni\AppData\Roaming\Ranlpo
Are these objects that were encrypted by a ransomware Trojan?: Quote:
Quote:
Code:
:OTL
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
5. Java aktualisieren- über Systemsteuerung-> Nach Update suchen... oder: Downloade nun die Offline-Version von Java "Empfohlen Version für 64 Bit: Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 6. Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!): -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Wie kann ich den Cache im Internet Explorer leeren? 7. reinige dein System mit CCleaner:
8.
9. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the free online scanner is very well suited and recommended for this. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This prevents the AUTORUN function from running.) - The AUTORUN function can also be switched off altogether. ►Guide
10. -> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners. Important!: >>You should not install the antivirus security software, only scan your system online<<
11. Run another scan with OTL:
so that I know which changes you have made: Quote:
__________________ Warning!: Beware of invoices by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
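The general AutoRun switch-off mentioned in step 9 can be done with the `NoDriveTypeAutoRun` policy value. The following PowerShell script is an added example, not part of the original post or of the guide it links to; the function names are made up for this example, and it has to be run from an elevated prompt.

```powershell
# Added example (not from the original thread): audit and disable AutoRun
# through the machine-wide NoDriveTypeAutoRun policy value.
# Run in an elevated PowerShell. Function names are hypothetical.

$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'

# Each set bit in the mask disables AutoRun for one drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive type' },
    @{ Bit = 0x02; Name = 'No root directory' },
    @{ Bit = 0x04; Name = 'Removable (USB sticks, card readers)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved / future drive types' }
)

function Get-AutoRunMask {
    # Returns the configured mask, or $null when no policy value is set.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Show-AutoRunMask([int]$Mask) {
    # One output line per drive type, decoded from the bit mask.
    foreach ($entry in $DriveTypeBits) {
        $state = if ($Mask -band $entry.Bit) { 'disabled' } else { 'ENABLED' }
        '{0,-40} AutoRun {1}' -f $entry.Name, $state
    }
}

function Disable-AutoRunAllDrives {
    # Create the policy key if it does not exist yet.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    # 0xFF sets all eight bits: AutoRun off for every drive type.
    New-ItemProperty -Path $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

# Report the state before changing anything.
$before = Get-AutoRunMask
if ($null -eq $before) {
    'NoDriveTypeAutoRun is not set; the Windows default applies.'
} else {
    'Current mask: 0x{0:X2}' -f $before
    Show-AutoRunMask $before
}

# Only write when the value is missing or weaker than 0xFF.
if ($before -ne 0xFF) {
    Disable-AutoRunAllDrives
    $after = Get-AutoRunMask
    'New mask: 0x{0:X2}' -f $after
    Show-AutoRunMask $after
}
```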
22.05.2012, 22:35 | #11 |
| Your Windows system has been blocked for security reasons
Hello... regarding point 2, we have an iPad 2... if that helps? Should I delete the ransomware trojans (point 3??) I don't quite understand point 4. Thanks in advance
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Andrea&Berni\Desktop\cmd.bat deleted successfully.
C:\Users\Andrea&Berni\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Andrea&Berni
->Temp folder emptied: 29708755 bytes
->Temporary Internet Files folder emptied: 26500809 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 101521631 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1691 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2867337 bytes

Total Files Cleaned = 153,00 mb

OTL by OldTimer - Version 3.2.43.0 log created on 05222012_234622

Files\Folders moved on Reboot...
C:\Users\Andrea&Berni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Last edited by Winkitdi (22.05.2012 at 22:51) |
23.05.2012, 05:48 | #12 | ||
/// Helper team | Your Windows system has been blocked for security reasons Quote:
1. It is best to back up all encrypted data externally (to an empty USB stick or external hard drive). Then start the decryption. In other words, to be on the safe side, the modified data on the computer should at first remain untouched. If all goes well, you can then continue on the PC.
2. Procedure for the encryption trojan: -> http://www.trojaner-board.de/114783-...ubersicht.html ► SemperVideo has made a video on the topic.
** You can also try saving the encrypted files to an empty USB stick. If you know what kind of files they are (e.g. *.jpg, *.doc etc.), then rename them all back to their original form as before, e.g. to a .jpg file Quote:
23.05.2012, 07:28 | #13 |
| Your Windows system has been blocked for security reasons
I didn't find anything more with the antispyware.. hope that's OK
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/23/2012 at 01:56 AM

Application Version : 5.0.1150

Core Rules Database Version : 8634
Trace Rules Database Version: 6446

Scan type : Complete Scan
Total Scan Time : 01:38:23

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 534
Memory threats detected : 0
Registry items scanned : 72565
Registry threats detected : 0
File items scanned : 74042
File threats detected : 1

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\ANDREA&BERNI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
24.05.2012, 17:17 | #14 |
| Your Windows system has been blocked for security reasons
So, I've finally finished the rest... the online scanner ran for about 17 hours ??!!!
Code:
ATTFilter OTL logfile created on: 24.05.2012 17:52:15 - Run 3 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Andrea&Berni\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,58% Memory free 8,00 Gb Paging File | 6,07 Gb Available in Paging File | 75,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,11 Gb Total Space | 23,75 Gb Free Space | 20,45% Space Free | Partition Type: NTFS Drive D: | 115,70 Gb Total Space | 69,99 Gb Free Space | 60,49% Space Free | Partition Type: NTFS Drive E: | 117,19 Gb Total Space | 41,69 Gb Free Space | 35,58% Space Free | Partition Type: NTFS Drive F: | 116,67 Gb Total Space | 105,54 Gb Free Space | 90,46% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 14,07 Gb Free Space | 6,04% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Andrea&Berni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.18 09:30:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe PRC - [2012.05.11 20:56:02 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.11 20:56:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 20:56:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.08.17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.05.03 14:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll MOD - [2012.05.09 
05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll MOD - [2012.05.09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll MOD - [2012.05.09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.05.11 20:56:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 20:56:02 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.05 17:31:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files 
(x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.20 14:50:18 | 000,152,064 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.12.23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.04.14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- 
| M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.11 20:56:03 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 20:56:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.16 13:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.12.12 08:19:16 | 008,616,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.12.08 06:22:28 | 
000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.11.01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.11.01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.11.01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.11.01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.09 16:28:08 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | 
M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.22 09:54:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.04.22 09:54:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.27 12:41:18 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.07.12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2010.07.12 13:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2009.09.03 20:14:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.09.03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.09.03 19:37:02 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.09.02 11:29:06 | 000,626,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009.09.01 15:31:42 | 000,649,984 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 22:44:48 | 000,015,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PuAcpi64.sys -- (MTsensor64) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - 
[2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2005.06.14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock) DRV - [2012.05.07 22:28:27 | 000,019,572 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FNETDEVI.SYS -- (FNETDEVI) DRV - [2011.12.12 20:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2010.06.10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 64 26 A1 EC 5F CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = ???????????????????????? IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrea&Berni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.21 18:32:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.21 18:32:06 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Andrea&Berni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft 
Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1D4AD8-C498-433B-9510-98736ACA0888}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECB685C8-9C63-440C-AD9F-3DEB1F4B8D11}: DhcpNameServer = 169.254.0.1 169.254.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 08:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.23 00:16:53 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\SUPERAntiSpyware.com [2012.05.23 00:16:09 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.23 00:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.05.23 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.23 00:00:06 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.05.23 00:00:05 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.05.23 00:00:05 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.05.22 23:59:56 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.05.22 23:59:56 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.05.22 23:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.05.22 16:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.22 16:26:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.05.22 16:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.22 13:35:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Andrea&Berni\Desktop\aswMBR.exe [2012.05.22 13:22:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.21 21:54:54 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\ImgBurn [2012.05.21 21:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.05.21 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.05.21 21:45:35 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Users\Andrea&Berni\Desktop\SetupImgBurn_2.5.7.0.exe [2012.05.19 08:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.19 08:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.19 08:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.05.18 09:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.18 09:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.18 09:30:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe [2012.05.18 07:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.17 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Malwarebytes [2012.05.17 17:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.11 20:54:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.11 20:54:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.11 20:54:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.11 20:54:34 | 001,544,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\DWrite.dll [2012.05.08 10:05:07 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\FANTEC LD-H35NU2-2 Upgrade Firmware-v48 [2012.05.08 09:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Avira [2012.05.08 09:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.08 09:50:14 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 09:50:14 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 09:50:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.08 09:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.08 09:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.08 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Local\Logishrd [2012.05.08 09:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.05.08 09:33:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Leadertech [2012.05.08 09:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2012.05.08 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2012.05.08 09:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.05.08 09:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012.05.08 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.05.08 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Logitech [2012.05.08 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Logishrd [2012.05.08 09:29:48 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.05.08 09:29:48 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll [2012.05.07 22:28:20 | 000,019,572 | 
---- | C] (FNet Co., Ltd.) -- C:\Windows\SysWow64\drivers\FNETDEVI.SYS [2012.05.07 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAT32 Format [2012.05.07 22:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FAT32 Format [2012.05.07 00:09:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.05.07 00:08:38 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.05.07 00:08:38 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2012.05.07 00:08:38 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2012.05.07 00:08:38 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.05.07 00:08:38 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.05.07 00:08:38 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.05.07 00:08:38 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.05.07 00:08:38 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2012.05.07 00:08:38 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2012.05.07 00:08:36 | 002,670,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012.05.07 00:08:36 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2012.05.07 00:08:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012.05.07 00:08:36 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2012.05.07 00:08:36 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2012.05.07 00:08:36 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2012.05.07 00:08:36 | 000,078,688 | ---- | C] (Synopsys, Inc.) 
-- C:\Windows\SysNative\SFAPO64.dll [2012.05.07 00:08:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.05.07 00:08:34 | 003,608,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012.05.07 00:08:34 | 000,824,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2012.05.07 00:08:34 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.05.07 00:08:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.05.07 00:08:34 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012.05.07 00:08:34 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.05.07 00:08:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.05.07 00:08:34 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2012.05.07 00:08:33 | 002,886,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2012.05.07 00:08:33 | 001,251,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012.05.07 00:08:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.05.07 00:08:33 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.05.07 00:08:33 | 000,102,504 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RCoInstII64.dll [2012.05.07 00:08:31 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.05.07 00:08:31 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.05.07 00:08:31 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.05.07 00:08:30 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.05.07 00:08:30 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.05.07 00:08:30 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.05.07 00:08:29 | 001,247,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2012.05.07 00:08:28 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.05.07 00:08:28 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.05.07 00:08:27 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012.05.07 00:08:27 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.05.07 00:08:26 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2012.05.07 00:08:26 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.05.07 00:08:15 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.05.07 00:08:14 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.05.07 00:08:14 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2012.05.07 00:08:14 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2012.05.07 00:08:14 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2012.05.07 00:08:13 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.05.07 00:08:12 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.05.07 00:08:12 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.05.07 00:08:12 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.05.07 00:08:12 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.05.07 00:08:11 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.05.07 00:08:11 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.05.07 00:08:11 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.05.07 00:08:11 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.05.07 00:08:11 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.05.07 00:08:10 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.05.07 00:08:08 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2012.05.07 00:08:08 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2012.05.07 00:07:21 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Local\Hewlett-Packard [2012.05.06 23:59:56 | 000,000,000 | ---D | C] -- 
C:\Users\Andrea&Berni\AppData\Roaming\Intel [2012.05.06 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Roaming [2012.05.06 23:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel [2012.05.06 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2012.05.06 23:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.05.06 23:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2012.05.06 23:55:01 | 000,067,072 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimmpx64.sys [2012.05.06 23:55:01 | 000,057,856 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rixdpx64.sys [2012.05.06 23:55:01 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys [2012.05.06 23:54:32 | 000,000,000 | ---D | C] -- C:\DRIVERS [2012.05.05 17:31:14 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.05.04 19:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at [2012.05.04 18:01:34 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\XLink Kai [2012.05.04 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLink Kai [2012.05.04 18:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLink Kai [2012.05.04 17:17:18 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\Xbox [2012.05.03 19:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1917 - Der Aufstand [2012.05.03 19:11:54 | 000,000,000 | ---D | C] -- C:\games [2012.05.03 18:38:19 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys [2012.05.03 18:38:12 | 
000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys [2012.04.30 09:59:31 | 000,000,000 | ---D | C] -- C:\Users\Andrea&Berni\Desktop\Einladungen Gutscheine [2012.04.26 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo [2012.04.26 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.04.26 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\devolo [2012.04.25 09:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark S300-S400 Series [2011.08.09 16:28:08 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Andrea&Berni\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.05.24 17:21:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.24 16:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.24 00:40:46 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.24 00:40:46 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.24 00:40:36 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.24 00:40:36 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.24 00:40:36 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.24 00:40:36 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.24 00:40:36 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.24 00:33:34 | 000,000,430 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.05.23 00:16:09 | 000,001,842 | ---- | M] () -- C:\Users\Andrea&Berni\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.23 00:07:58 | 000,000,206 | ---- | M] () -- C:\Users\Andrea&Berni\Documents\cc_20120523_000751.reg [2012.05.23 00:07:36 | 
000,002,606 | ---- | M] () -- C:\Users\Andrea&Berni\Documents\cc_20120523_000732.reg [2012.05.23 00:07:15 | 000,084,076 | ---- | M] () -- C:\Users\Andrea&Berni\Documents\cc_20120523_000655.reg [2012.05.22 23:59:51 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.05.22 23:59:51 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.05.22 23:59:51 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.05.22 23:59:51 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.05.22 23:59:51 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.05.22 16:26:05 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.22 13:46:32 | 000,000,512 | ---- | M] () -- C:\Users\Andrea&Berni\Desktop\MBR.dat [2012.05.22 13:35:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Andrea&Berni\Desktop\aswMBR.exe [2012.05.21 21:46:29 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.05.21 21:46:06 | 006,118,990 | ---- | M] (LIGHTNING UK!) 
-- C:\Users\Andrea&Berni\Desktop\SetupImgBurn_2.5.7.0.exe [2012.05.18 09:50:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.18 09:30:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea&Berni\Desktop\OTL.exe [2012.05.13 14:10:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.13 11:04:16 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.05.12 08:38:58 | 000,288,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.11 20:56:03 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.11 20:56:02 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 13:17:29 | 000,222,291 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf [2012.05.08 12:55:08 | 000,004,759 | ---- | M] () -- C:\WirelessDiagLog.csv [2012.05.08 09:50:35 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.07 22:28:27 | 000,019,572 | ---- | M] (FNet Co., Ltd.) 
-- C:\Windows\SysWow64\drivers\FNETDEVI.SYS [2012.05.07 22:21:02 | 000,000,000 | -H-- | M] () -- C:\Users\Andrea&Berni\Documents\jyoEjQuOQQOttUssdseT [2012.05.06 23:59:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.05.06 23:57:23 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.05.05 17:31:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.05 17:31:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.05 17:31:14 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.05.03 19:16:45 | 000,000,734 | ---- | M] () -- C:\Users\Andrea&Berni\Desktop\1917 - Der Aufstand.lnk [2012.05.03 18:50:07 | 000,002,797 | ---- | M] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012.05.03 18:49:04 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.05.03 18:47:23 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012.05.03 18:47:03 | 000,002,881 | ---- | M] () -- C:\Users\Public\Desktop\Nero 11.lnk [2012.05.03 18:46:19 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk ========== Files Created - No Company Name ========== [2012.05.23 00:16:09 | 000,001,842 | ---- | C] () -- C:\Users\Andrea&Berni\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.23 00:07:56 | 000,000,206 | ---- | C] () -- C:\Users\Andrea&Berni\Documents\cc_20120523_000751.reg [2012.05.23 00:07:34 | 000,002,606 | ---- | C] () -- C:\Users\Andrea&Berni\Documents\cc_20120523_000732.reg [2012.05.23 00:07:01 | 000,084,076 | ---- | C] () -- C:\Users\Andrea&Berni\Documents\cc_20120523_000655.reg [2012.05.22 16:26:05 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.22 13:46:32 | 000,000,512 | ---- | C] () -- C:\Users\Andrea&Berni\Desktop\MBR.dat [2012.05.21 
21:46:29 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.05.21 21:46:27 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.05.18 09:50:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.13 14:10:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.08 12:54:37 | 000,004,759 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.05.08 09:50:35 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.07 22:21:02 | 000,000,000 | -H-- | C] () -- C:\Users\Andrea&Berni\Documents\jyoEjQuOQQOttUssdseT [2012.05.07 00:08:33 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.05.06 23:59:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\drivers\PuAcpi64.sys [2012.05.06 23:59:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf [2012.05.06 23:57:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.06 23:56:27 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\drivers\PS2.sys [2012.05.03 19:16:45 | 000,000,734 | ---- | C] () -- C:\Users\Andrea&Berni\Desktop\1917 - Der Aufstand.lnk [2012.05.03 18:50:07 | 000,002,797 | ---- | C] () -- C:\Users\Public\Desktop\Nero Video 11.lnk [2012.05.03 18:49:04 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.05.03 18:47:23 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 11.lnk [2012.05.03 18:47:03 | 000,002,881 | ---- | C] () -- C:\Users\Public\Desktop\Nero 11.lnk [2012.05.03 18:46:19 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2012.04.11 13:24:24 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll [2012.04.11 13:24:24 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll [2012.04.11 13:24:24 | 000,802,816 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxeacomc.dll
[2012.04.11 13:24:24 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2012.04.11 13:24:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2012.04.11 13:24:24 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2012.04.11 13:24:24 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2012.04.11 13:24:24 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2012.04.11 13:24:24 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2012.04.11 13:24:24 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2012.04.11 13:24:24 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2012.04.11 13:24:24 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2012.04.11 13:24:24 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2012.04.11 13:24:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2012.04.11 13:24:24 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2012.04.11 13:24:24 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2012.04.11 13:24:24 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2012.04.11 13:24:24 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2012.04.11 13:24:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2012.04.11 13:24:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2012.04.11 13:24:24 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.08.09 16:28:57 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll
[2011.08.09 16:28:08 | 000,001,167 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Roaming\pcouffin.inf
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.05 20:32:27 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.02.28 23:30:53 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2011.02.28 23:29:05 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2010.10.08 22:18:03 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.10.08 22:18:03 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.10.05 17:56:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.03 19:57:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.29 19:09:04 | 000,029,696 | ---- | C] () -- C:\Users\Andrea&Berni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010.09.29 19:51:28 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Canneverbe Limited
[2012.05.17 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DAEMON Tools Lite
[2012.05.17 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DeepBurner
[2012.04.09 11:30:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DriverFinder
[2012.03.11 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoft
[2012.05.17 12:45:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.10 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\gtk-2.0
[2012.05.21 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\ImgBurn
[2010.10.08 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\IrfanView
[2012.05.08 09:33:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Leadertech
[2010.11.25 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\MAGIX
[2012.02.21 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Nokia
[2011.11.02 09:19:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Nokia Ovi Suite
[2012.02.21 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Nokia Suite
[2011.07.18 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\PC Suite
[2012.02.05 11:21:55 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Samsung
[2012.02.20 23:57:30 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Systweak
[2012.02.05 11:32:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Temp
[2011.11.16 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\TuneUp Software
[2011.12.14 00:22:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Ubisoft
[2011.08.09 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\Vso
[2012.04.09 12:38:33 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\WinBatch
[2012.05.17 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea&Berni\AppData\Roaming\XLink Kai
[2012.04.14 22:28:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

A picture was previously named e.g. bild002.jpg and is now stored as a file called hfghjfdjdksjhggf???? And the same with videos....... Is there any way?? Thanks in advance |
25.05.2012, 08:33 | #15 | ||
/// Helper Team | For security reasons your Windows system has been blocked
Quote:
Quote:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |