| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Verschlüsselungs Trojaner infiziert!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.06.2012, 16:47
| #1 |
 |  Windows Verschlüsselungs Trojaner infiziert! Guten Tag, Ich bitte um Hilfe bei diesem Trojaner, da ich mich selbst nicht sehr gut damit auskenne. Habe diesen auf meinen Win7 PC über eine E-Mail von "flirt-fever" bekommen, der Absender war "johann.calchera@ritz.edu". Bin dummerweise darauf reingefallen. War nur sehr empört darüber, dass ich 497€ zahlen sollte obwohl ich gar nicht da angemeldet war. Zu meinem Problem: Ich habe jetzt eine Systemwiederherstellung gemacht, sodass ich überhaupt wieder auf meinem Rechner zugreifen konnte. Danach wollte ich wie beschrieben Malwarebytes Anti-Malware runterladen, wobei ich bemerkte, dass nun auch Firefox bei mir nicht mehr ging. Habe mir anschließen Internet Explorer heruntergeladen, der nun auch ging, und nun das Malware Programm mit folgendem Ergebnis heruntergeladen und ausgeführt: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.01.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hannes :: HANNES-PC [Administrator] 01.06.2012 16:25:14 mbam-log-2012-06-01 (16-25-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224203 Laufzeit: 5 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Hannes\AppData\Local\Temp\jnqojnqtdx.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hannes\AppData\Local\Temp\zsrlnbhinb.pre (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Daraufhin habe ich nun defogger ausgeführt, bei dem ich aber keine Fehlermeldung erhielt, aber zur Sicherheit auch hier die Log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:55 on 01/06/2012 (Hannes) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU  AEMON Tools Lite -> RemovedChecking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- Als nächstes habe ich OTL drüber laufen lassen. Zuerst die OTL.txt und dann die Extra.txt: OTL logfile created on: 01.06.2012 17:12:04 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Hannes\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,23% Memory free 4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,19 Gb Total Space | 44,74 Gb Free Space | 40,24% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 70,65 Gb Free Space | 30,34% Space Free | Partition Type: NTFS Drive E: | 110,95 Gb Total Space | 44,29 Gb Free Space | 39,92% Space Free | Partition Type: NTFS Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.01 17:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe PRC - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Handy rooten\Kies\KiesTrayAgent.exe PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.02.09 12:53:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.08.02 11:46:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.09 19:46:53 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.09 12:53:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.10.28 05:31:14 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.02.28 19:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.05.14 17:23:54 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.14 16:14:23 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 16:14:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.13 20:39:59 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll MOD - [2012.05.13 20:39:44 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll MOD - [2012.05.13 20:39:43 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll MOD - [2012.05.13 20:39:34 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll MOD - [2012.05.13 20:39:32 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll MOD - [2012.05.13 20:39:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 20:39:29 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.13 20:39:26 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.13 20:39:22 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.13 20:39:20 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.13 20:39:14 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.05.13 20:38:53 | 000,115,137 | ---- | M] () -- C:\Users\Hannes\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll MOD - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.02.09 13:58:15 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.02.09 12:53:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.02 11:46:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.09 19:46:53 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.08.02 11:46:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.08.02 11:46:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.23 14:17:38 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.02.11 22:16:58 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.08.28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:36:04 | 000,696,832 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fus2base.sys -- (FUS2BASE) DRV:64bit: - [2009.06.10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.13 15:51:00 | 000,068,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2008.03.13 15:49:36 | 000,084,288 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2007.08.13 21:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2007.07.31 19:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl) DRV:64bit: - [2006.11.18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2005.09.24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.04.07 10:39:44 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\TVicPort.sys -- (TVicPort) DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=327FE2A8-7931-4E66-8DD5-CB1A16956775 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{745CBB2B-7D6B-42EE-BD3D-234ACE39FDB8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=FA53FEE2-5D7D-49B1-81B7-CF139F383622&apn_sauid=E552C527-A743-49E4-BD1E-8686E67D5147& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.01 15:26:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.09 13:30:18 | 000,000,000 | ---D | M] [2010.03.19 16:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions [2012.05.19 13:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions [2012.04.18 18:45:39 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2012.04.04 20:16:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\h7r66vdw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.29 11:03:08 | 000,000,933 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\11-suche.xml [2011.12.29 11:03:08 | 000,002,419 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\englische-ergebnisse.xml [2011.12.29 11:03:08 | 000,010,525 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\gmx-suche.xml [2011.12.29 11:03:08 | 000,002,457 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\lastminute.xml [2012.04.18 18:45:32 | 000,003,915 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\sweetim.xml [2011.12.29 11:03:08 | 000,005,508 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\h7r66vdw.default\searchplugins\webde-suche.xml [2012.03.29 17:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.29 17:51:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.09 13:30:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.03.29 17:51:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.29 17:51:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.29 17:51:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.29 17:51:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.29 17:51:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.29 17:51:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KiesTrayAgent] D:\Handy rooten\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero Burning ROM 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [F:\SPECTRUM_3.0_setup.exe] F:\SPECTRUM_3.0_setup.exe File not found O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [KiesHelper] D:\Handy rooten\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] D:\Handy rooten\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Steam] D:\Spiele\steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B16190-951C-4789-BCFA-A6E94A8311E6}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E408DDA-6263-4A13-B2FE-2DFDB74DFBB3}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk D:\ O32 - Unable to obtain root file information for disk E:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 17:10:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe [2012.06.01 16:22:38 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes [2012.06.01 16:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.01 16:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.01 16:22:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.01 16:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.30 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.19 14:24:30 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software [2012.05.19 14:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.05.19 14:22:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.05.19 14:22:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.05.14 13:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.14 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.13 20:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32 [2012.05.12 22:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.12 21:36:47 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.05.12 21:36:47 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012.05.12 14:25:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi ========== Files - Modified Within 30 Days ========== [2012.06.01 17:10:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe [2012.06.01 17:05:32 | 000,013,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 17:05:32 | 000,013,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 16:59:51 | 000,001,525 | ---- | M] () -- C:\Users\Hannes\Desktop\iexplore - Verknüpfung.lnk [2012.06.01 16:58:17 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.06.01 16:57:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.01 16:57:36 | 1609,043,968 | -HS- | M] () -- C:\hiberfil.sys [2012.06.01 16:55:31 | 000,000,188 | ---- | M] () -- C:\Users\Hannes\defogger_reenable [2012.06.01 16:54:46 | 000,050,477 | ---- | M] () -- C:\Users\Hannes\Desktop\Defogger.exe [2012.06.01 16:22:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.01 16:00:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.01 16:00:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.01 15:58:20 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.01 15:58:20 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.01 15:58:20 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.01 15:58:20 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.01 15:58:20 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.30 14:14:55 | 000,124,899 | ---- | M] () -- C:\Users\Hannes\Desktop\476355_416282435049858_100000043157736_1615673_127329664_o.jpg [2012.05.23 11:28:38 | 000,002,042 | -H-- | M] () -- C:\Users\Hannes\Documents\Default.rdp [2012.05.14 13:16:01 | 000,211,945 | ---- | M] () -- C:\Users\Hannes\Desktop\VodafoneWillkommen_001925162666.pdf [2012.05.14 13:15:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.05.13 21:17:32 | 000,481,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.06.01 16:59:51 | 000,001,525 | ---- | C] () -- C:\Users\Hannes\Desktop\iexplore - Verknüpfung.lnk [2012.06.01 16:55:30 | 000,000,188 | ---- | C] () -- C:\Users\Hannes\defogger_reenable [2012.06.01 16:54:46 | 000,050,477 | ---- | C] () -- C:\Users\Hannes\Desktop\Defogger.exe [2012.06.01 16:22:30 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.01 16:11:50 | 000,001,409 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.06.01 16:11:47 | 000,001,443 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.06.01 16:00:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.01 16:00:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.05.30 14:14:46 | 000,124,899 | ---- | C] () -- C:\Users\Hannes\Desktop\476355_416282435049858_100000043157736_1615673_127329664_o.jpg [2012.05.14 13:15:52 | 000,211,945 | ---- | C] () -- C:\Users\Hannes\Desktop\VodafoneWillkommen_001925162666.pdf [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.01.04 15:32:58 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.02.11 17:42:01 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.02.11 17:41:58 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2011.02.11 17:41:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.10.05 11:34:31 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI ========== LOP Check ========== [2010.10.22 19:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Hannes\AppData\Roaming\.# [2011.01.15 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\algomahe.de [2010.05.06 15:14:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Canon [2010.11.23 14:24:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Lite [2010.11.22 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DAEMON Tools Pro [2009.11.11 12:10:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dev-Cpp [2012.06.01 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dropbox [2012.04.04 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoft [2012.04.04 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoftIEHelpers [2009.11.10 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FRITZ! [2009.11.24 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ICQ [2010.11.10 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\McLoad [2012.02.11 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MCS Electronics [2012.02.09 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Origin [2010.11.23 00:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite [2012.04.19 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Samsung [2012.05.13 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Temp [2012.05.19 14:24:30 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software [2009.12.14 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ubi.com [2012.04.12 19:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0A73A758 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A95A95AC @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:30A9E86A @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7B212553 < End of report > OTL Extras logfile created on: 01.06.2012 17:12:04 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Hannes\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,23% Memory free 4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,19 Gb Total Space | 44,74 Gb Free Space | 40,24% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 70,65 Gb Free Space | 30,34% Space Free | Partition Type: NTFS Drive E: | 110,95 Gb Total Space | 44,29 Gb Free Space | 39,92% Space Free | Partition Type: NTFS Computer Name: HANNES-PC | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "E:\Photobuch\EDEKA Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [EDEKA Fotowelt] -- "E:\Photobuch\EDEKA Fotowelt\EDEKA Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "E:\Photobuch\EDEKA Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [EDEKA Fotowelt] -- "E:\Photobuch\EDEKA Fotowelt\EDEKA Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{092957BA-38A2-455B-BE44-F347A2A978AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{133C38C2-E93F-4088-AAD7-B9837517C011}" = rport=2869 | protocol=6 | dir=out | app=system | "{1AEE2CF4-D606-429F-9F59-0BDB26A95878}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2629A2AD-977A-4467-8052-A59112231FA2}" = lport=2869 | protocol=6 | dir=in | app=system | "{2CEDA3F7-7C2E-4A5D-A575-9BC140862872}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2D07D852-E8DD-4C41-9255-0794737CE398}" = lport=10243 | protocol=6 | dir=in | app=system | "{2EE986BF-BBA5-4468-9770-F1D34166B02B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3FD07F14-905E-415F-BC7F-5161128992D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4D3FF37B-B384-4F64-ACF0-6AC5B418C43C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4D621769-D303-4073-A4E1-21211AF51194}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5B6FB1B0-6ECF-47B5-BC29-BC40CE97A206}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B8E3190-2126-43DC-A671-AB65B2155C7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{5D5817C0-1160-440A-8901-0148294BA85B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6014ADC4-5F83-4484-88DD-3B5A326220F1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{70BB1314-6C7E-444F-9AE6-8456210CC300}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7C015A54-D6CD-4D40-AA00-0D746229DE03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87565EC1-429A-4183-A657-C70673BFD8AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{96C09DC7-6B15-4A64-9C17-3D4AB6131EBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B407BBB0-8C44-4F26-9EF0-81E07B743B40}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B74015BE-6280-46A4-925B-8D1F85198A00}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C112AAAB-C961-43D5-AC50-122ED423A11C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CD365FC2-8FE2-4A8B-8505-126C99C4CF86}" = rport=10243 | protocol=6 | dir=out | app=system | "{CDB5940F-C9A3-4E0B-AA40-671D273843DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D266AAA4-4E5A-4D45-AD35-316597A51E90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D6D45455-2C4B-4176-8DCA-E1DC8A74C2CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F01A72C2-F3A1-4519-BC11-91B9A5EB670C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0840FD14-0A8D-43CE-9A41-303141127E70}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{0977D08B-44B9-4208-8825-12E2916CC22A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0B1F952E-49C0-4A67-ADC6-CC87DC7DE4E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0DE23B4E-3060-42C0-BCC0-04018D4D4674}" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe | "{0E5FA11C-7753-48C2-B076-089E5EDFDD9D}" = protocol=17 | dir=in | app=e:\pinnacle studio\programs\umi.exe | "{11566E2A-DD3C-4495-9578-57061DC091C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{12FE553F-7D11-472F-8E7D-0F0E4CC5FB5F}" = protocol=17 | dir=in | app=d:\spiele\battlefield3\battlefield 3\bf3.exe | "{18D7285C-0092-450C-949F-3CD5D8B6AD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1912F5F3-67A7-4AFE-9CC8-4508635E0441}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1BFB3E61-9698-46FF-B5AF-65766BF398DC}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{2D1E0762-18B5-4982-8D23-F9B6AAE85C2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35B28ABC-951A-4D27-B4A4-2BBB6DDEEF00}" = protocol=6 | dir=out | app=system | "{3785F6E6-F551-411D-97D0-A359869B812D}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{3B86A21E-DC03-4C6C-9B91-15FD001D6DA9}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{46E789A1-1B63-4D5E-98C9-E6803CD5E59F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{4998AE01-06D1-4726-8A11-1FB0041126D4}" = protocol=17 | dir=in | app=d:\spiele\cod_blackops\steam.exe | "{591015CF-0996-4A02-8754-831C2287F651}" = protocol=17 | dir=in | app=e:\pinnacle studio\programs\studio.exe | "{5C7ABE8D-5513-4D34-BCA8-19A729016F78}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{60307D34-E831-4965-A485-7BFD0F02C32A}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{615D80B6-C141-4D47-B1A7-6134E3FC38CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{66C26189-20B7-4CDC-9CCB-59B54C013FF6}" = protocol=6 | dir=in | app=e:\pinnacle studio\programs\rm.exe | "{6D4CE6F3-527C-4C3F-8832-5221F08D9A5C}" = protocol=6 | dir=in | app=e:\pinnacle studio\programs\studio.exe | "{7169EDB7-9B51-4D2B-80DA-A54EC66CDE1E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{74D1B1F9-AFBB-4D86-BC36-BFC00BA028ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7ADC6E84-F6CC-4E23-9644-5ECD7FD175EA}" = protocol=6 | dir=in | app=e:\pinnacle studio\programs\umi.exe | "{86FC94E6-1BB9-48BF-9796-8E51508C7606}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{8E2ECD64-906F-4029-BC0C-EA7E3365A677}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{8F6CD606-BF7D-4E20-B08A-15A16C6531CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95D04D60-F2C9-4741-8133-0B67228C710A}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{A095AAFB-03D9-482D-B620-A8CD6E42C093}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A0DFF1C0-12D4-403B-907D-81C9304744FD}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{A9ADC48C-CEC3-42BB-AD42-B99D7FF532D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AFBF4A48-4115-43C6-A256-E8264BDF795B}" = protocol=6 | dir=in | app=d:\spiele\battlefield3\battlefield 3\bf3.exe | "{B2E157C0-1BD5-4563-8202-D611D4A4087A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B370FD9D-9527-461C-B29A-5225F22E487C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B382F3BA-C120-4438-A3B9-50827E03F633}" = protocol=17 | dir=in | app=e:\pinnacle studio\programs\rm.exe | "{BBF4C220-0455-47BF-A524-14A41FEBAF39}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BC43687B-73E7-4EAB-B4A8-C5F3859B6B06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C4DC1E8B-83CC-43C8-8E36-590E2287E2FD}" = protocol=6 | dir=in | app=d:\spiele\cod_blackops\steam.exe | "{CBD64028-8AA7-4510-B053-308D4D4C896F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{CC4BB565-E920-4664-BE2A-43193CBB98F6}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{CEDA5165-4B17-4C1B-AFBC-B91FE7C74627}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D29454E1-1904-4B26-82B0-803935B41DDF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D393D0E8-24BB-466F-86F8-4CDB4139A54D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D58E0BE8-401F-4226-A225-1D24C0D6E8B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E07E620C-2C95-44B1-A767-5CEC3E1BE8AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E9436C6D-539A-42AA-84C5-9EDA5BB8BCB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9B61360-DB40-4D25-9AA1-0D73E6A63ECE}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{EB92B50C-9F89-446D-8495-71710029437E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F1F5B7A7-965D-4442-90E9-1575F0B2909B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF6D304C-A2CF-4BDF-9C35-82CDD2C55B2E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{FF8D3F9C-98B0-41BD-AF71-13961239FC13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{45751A1A-4197-43AB-A14B-84B855FCA637}D:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=d:\fussball manager 10\eadm\core.exe | "TCP Query User{C172435E-86A9-4A00-A40D-B154079DE087}E:\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=e:\atube catcher 2.0\yct.exe | "TCP Query User{D71D410C-EF74-4A13-B9A8-74A19CDD55B2}G:\batz michael\spiele\call of duty\codmp.exe" = protocol=6 | dir=in | app=g:\batz michael\spiele\call of duty\codmp.exe | "UDP Query User{86ABE9D4-62D5-4B8B-8E2A-EE7A87A9BA59}G:\batz michael\spiele\call of duty\codmp.exe" = protocol=17 | dir=in | app=g:\batz michael\spiele\call of duty\codmp.exe | "UDP Query User{C1DFA0ED-4A2D-4280-954A-C7B6A41EFB4A}D:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=d:\fussball manager 10\eadm\core.exe | "UDP Query User{E25314FD-8297-414E-8C0E-7C1394D81D45}E:\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=e:\atube catcher 2.0\yct.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100-Serie "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit) "{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{11A8473A-B793-4739-A3EC-78AC82DC03E5}" = .NET Api v3.30 for CodeMeter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8FD73B28-7CB0-4009-9D7E-83E6A3AC695F}" = WatchPcLink "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX "{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0 "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12 "{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CursorFX" = CursorFX "Deutschlands Brettspiele Deluxe" = Deutschlands Brettspiele Deluxe 1.0 "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "EDEKA Fotowelt" = EDEKA Fotowelt "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MatlabR2007a" = MATLAB Student R2007a "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MProg 3.0a" = MProg 3.0a "Origin" = Origin "PriceGong" = PriceGong 2.6.4 "PSpice Student" = PSpice Student 9.1 "PunkBusterSvc" = PunkBuster Services "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "TUGZip_is1" = TUGZip 3.5 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.02.2011 15:13:03 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 01.03.2011 13:29:41 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 01.03.2011 14:06:00 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 04.03.2011 16:57:43 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227 Description = Error - 04.03.2011 16:58:37 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227 Description = Error - 04.03.2011 16:59:31 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227 Description = Error - 04.03.2011 17:03:57 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227 Description = Error - 04.03.2011 17:07:10 | Computer Name = Hannes-PC | Source = RasClient | ID = 20227 Description = Error - 05.03.2011 05:03:36 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.03.2011 06:04:44 | Computer Name = Hannes-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Media Center Events ] Error - 07.03.2012 11:36:45 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 16:36:45 - Fehler beim Herstellen der Internetverbindung. 16:36:45 - Serververbindung konnte nicht hergestellt werden.. Error - 07.03.2012 12:36:51 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 17:36:50 - Fehler beim Herstellen der Internetverbindung. 17:36:50 - Serververbindung konnte nicht hergestellt werden.. Error - 07.03.2012 13:36:55 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 18:36:55 - Fehler beim Herstellen der Internetverbindung. 18:36:55 - Serververbindung konnte nicht hergestellt werden.. Error - 23.03.2012 04:07:19 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 09:07:18 - Fehler beim Herstellen der Internetverbindung. 09:07:19 - Serververbindung konnte nicht hergestellt werden.. Error - 27.03.2012 11:46:14 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 17:46:13 - Fehler beim Herstellen der Internetverbindung. 17:46:13 - Serververbindung konnte nicht hergestellt werden.. Error - 27.03.2012 12:46:26 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 18:46:25 - Fehler beim Herstellen der Internetverbindung. 18:46:26 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 13:46:59 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 19:46:58 - Fehler beim Herstellen der Internetverbindung. 19:46:58 - Serververbindung konnte nicht hergestellt werden.. Error - 02.04.2012 16:11:42 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 22:11:41 - Fehler beim Herstellen der Internetverbindung. 22:11:42 - Serververbindung konnte nicht hergestellt werden.. Error - 08.04.2012 07:00:44 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 13:00:43 - Fehler beim Herstellen der Internetverbindung. 13:00:43 - Serververbindung konnte nicht hergestellt werden.. Error - 19.05.2012 05:28:31 | Computer Name = Hannes-PC | Source = MCUpdate | ID = 0 Description = 11:28:30 - Fehler beim Herstellen der Internetverbindung. 11:28:30 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 17.04.2012 09:17:55 | Computer Name = Hannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4142 seconds with 1500 seconds of active time. This session ended with a crash. Error - 23.04.2012 09:16:24 | Computer Name = Hannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7082 seconds with 2820 seconds of active time. This session ended with a crash. Error - 23.04.2012 09:16:48 | Computer Name = Hannes-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\TVicPort.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TVicPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 01.06.2012 10:10:42 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 01.06.2012 10:57:55 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\TVicPort.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 01.06.2012 10:57:55 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TVicPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 01.06.2012 10:57:56 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.06.2012 10:57:56 | Computer Name = Hannes-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 01.06.2012 10:57:56 | Computer Name = Hannes-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 < End of report > Würde mich freuen wenn mir jemand helfen könnte, wie ich weiter verfahren sollte! Im voraus schon ein rießen Dankeschön!!! Beste Grüße Hannes |
| Themen zu Windows Verschlüsselungs Trojaner infiziert! |
| alternate, antivir, avira, bho, call of duty, dateisystem, device driver, e-mail, error, excel, firefox, flash player, flirt-fever, flirtfever, helper, heuristiks/extra, heuristiks/shuriken, iexplore, install.exe, internet, internet explorer, langs, logfile, microsoft office word, msiexec.exe, nvidia update, office 2007, plug-in, popup, problem, programm, registry, required, rooten, searchscopes, security, senden, software, svchost.exe, sweetim, systemwiederherstellung gemacht, trojaner, usb, version=1.0, windows, windows verschlüsselungs-trojaner, windows7 |
Baum-Darstellung