Log analysis and evaluation: TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.06.2012, 13:13 | #1
TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64

Avira is throwing up the following detections for me:

Typ: Datei
Quelle: C:\Windows\SysWOW64\d3dybse3i.dll
Status: Infiziert
Quarantäne-Objekt: 4a3d8f14.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.42
Virendefinitionsdatei: 7.11.27.144
Meldung: TR/ATRAPS.Gen
Datum/Uhrzeit: 13.04.2012, 15:50

Typ: Datei
Quelle: C:\Windows\SysWOW64\nsp4gkpf.dll
Status: Infiziert
Quarantäne-Objekt: 55b81a4c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.116
Meldung: TR/PSW.Kykymber.ceig
Datum/Uhrzeit: 11.06.2012, 11:29

Unfortunately I ignored the first one back then. No problems have occurred so far, but I'm slowly starting to feel unsafe because of online banking, PayPal etc. I use AVIRA, Ad-Aware and occasionally MBAM, plus Mozilla with NoScript and Windows Defender. MBAM says the following:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [Administrator]

11.06.2012 11:48:13
mbam-log-2012-06-11 (11-48-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482349
Laufzeit: 1 Stunde(n), 18 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Bernhard\Downloads\SoftonicDownloader_fuer_speedupmypc.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
ATTFilter OTL logfile created on: 11.06.2012 13:48:37 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Bernhard\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,14% Memory free 9,99 Gb Paging File | 7,59 Gb Available in Paging File | 75,95% Paging File free Paging file location(s): C:\pagefile.sys 6139 6139 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,45 Gb Total Space | 31,08 Gb Free Space | 26,69% Space Free | Partition Type: NTFS Drive D: | 329,78 Gb Total Space | 153,38 Gb Free Space | 46,51% Space Free | Partition Type: NTFS Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.11 13:39:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernhard\Desktop\OTL.exe PRC - [2012.06.06 10:57:26 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.05.25 19:14:40 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2012.05.25 19:14:39 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2012.05.08 18:36:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:36:44 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe PRC - [2012.05.08 18:36:44 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:36:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.16 14:27:24 | 000,025,464 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2012.04.09 16:15:44 | 000,968,328 | ---- | M] (e-academy Inc.) -- C:\Users\Bernhard\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.27 16:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.09.26 22:04:35 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) 
-- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2011.01.24 02:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe PRC - [2011.01.24 02:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.08.31 21:13:29 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.02.05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.02.04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files 
(x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ========== Modules (No Company Name) ========== MOD - [2012.06.06 10:57:26 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.17 10:52:51 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.26 22:04:35 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011.01.24 02:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe MOD - [2011.01.24 02:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe MOD - [2010.04.05 12:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL MOD - [2010.04.05 12:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll MOD - [2010.04.05 12:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL MOD - [2010.04.05 12:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL MOD - [2010.04.05 12:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL MOD - [2010.04.01 19:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll MOD - [2010.04.01 19:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll MOD - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD 
- [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.06.23 13:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll MOD - [2009.06.23 13:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll MOD - [2009.06.23 13:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll MOD - [2009.05.27 14:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll MOD - [2009.04.28 09:56:29 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll MOD - [2009.04.07 21:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll MOD - [2009.03.10 07:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll MOD - [2009.03.02 16:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll MOD - [2009.02.20 10:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.06.02 16:59:51 | 000,354,304 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\SysNative\poua7stgo.dll -- (Dnscache) SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.04.14 22:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device) SRV:64bit: - [2010.04.14 22:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService) SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.05.04 16:47:36 | 000,809,984 | ---- | M] (OptionNV) [Disabled | Stopped] -- C:\Program Files\Option\Option WWAN Driver 5.0.32.0 Installer\GtDetectSc.exe -- (GtDetectSc) SRV:64bit: - [2007.08.03 13:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2012.06.06 10:57:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.25 19:14:39 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012.05.17 10:52:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 18:36:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:36:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.25 23:31:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.12 17:07:51 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.04.14 22:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService) SRV - [2010.04.14 22:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.12.04 15:45:06 | 000,111,904 | ---- | M] (Novatel Wireless Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe -- (NWHelper) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.11 09:05:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.05.08 18:36:46 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 18:36:46 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1) DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.23 08:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.11.05 16:46:43 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.10.27 03:25:42 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.09 08:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2010.06.19 16:49:14 | 000,012,800 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2010.04.13 12:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.02.09 12:19:13 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.12.22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.10 16:56:24 | 000,256,000 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI) DRV:64bit: - [2009.10.07 09:13:33 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 09:13:33 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.23 17:48:59 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:15:57 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.05.05 04:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.02.03 18:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.08.03 06:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2012.01.14 22:45:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE459 IE - HKCU\..\SearchScopes\{8A1156F9-A62C-4069-8BBB-432ADD4BC21C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=2c8ec2c8-d2f1-4de8-bf5b-a0d292ec2703&apn_sauid=9D2FE97D-246E-4C1D-BC91-3CD45A996AFF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: 
illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: trackmenot@mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.10
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.10 17:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 10:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.11 09:20:12 | 000,000,000 | ---D | M]

[2010.11.23 01:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Extensions
[2012.03.19 11:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions
[2012.01.01 18:54:40 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011.08.20 10:23:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.21 22:56:19 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.11.24 18:21:44 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\illimitux@illimitux.net
[2011.07.31 14:01:52 | 000,000,000 | ---D | M] (TrackMeNot) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\trackmenot@mrl.nyu.edu
[2012.02.18 07:57:00 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\53xlmtrd.default\extensions\zotero@chnm.gmu.edu
[2012.06.06 10:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions
[2012.05.20 19:04:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.17 01:34:27 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions\ich@maltegoetz.de
[2012.05.05 17:58:03 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\5oll6geo.Standard-Benutzer\extensions\zotero@chnm.gmu.edu
[2011.09.10 01:19:30 | 000,002,394 | ---- | M] () -- C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\53xlmtrd.default\searchplugins\askcom.xml
[2012.01.14 01:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.22 20:53:07 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.10 17:41:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.24 14:03:51 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012.03.19 11:32:11 | 000,521,058 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.12.08 09:02:06 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.12.09 12:10:52 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\BERNHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\53XLMTRD.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012.06.06 10:57:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 21:57:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 21:57:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.20 21:57:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 21:57:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 21:57:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 21:57:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\d3dybse3i.dll File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89287100-6AAE-406B-A4D7-5C0DB236B402}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C80D883-BC3A-4E2A-9DD4-FFC52A9BB3FF}: DhcpNameServer = 10.74.83.22 193.254.160.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23ee7e75-07bc-11e1-be48-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee7e75-07bc-11e1-be48-485b3998c3f1}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{23ee7ecc-07bc-11e1-be48-c17cf2eba36b}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee7ecc-07bc-11e1-be48-c17cf2eba36b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{23ee7ef9-07bc-11e1-be48-c17cf2eba36b}\Shell - "" = AutoRun
O33 - MountPoints2\{23ee7ef9-07bc-11e1-be48-c17cf2eba36b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2658433d-ac83-11e0-b7c2-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2658433d-ac83-11e0-b7c2-485b3998c3f1}\Shell\AutoRun\command - "" = G:\OriginInstaller.exe
O33 - MountPoints2\{275ecf27-c66b-11e0-9eee-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{275ecf27-c66b-11e0-9eee-485b3998c3f1}\Shell\AutoRun\command - "" = I:\BALDUR.EXE
O33 - MountPoints2\{3165ec13-090f-11e1-a6b5-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{3165ec13-090f-11e1-a6b5-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{71c62b7c-4dc8-11e1-9c2f-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{71c62b7c-4dc8-11e1-9c2f-485b3998c3f1}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{8ce174fe-087f-11e1-92b6-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce174fe-087f-11e1-92b6-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8ce175ac-087f-11e1-92b6-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce175ac-087f-11e1-92b6-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8ce175b7-087f-11e1-92b6-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce175b7-087f-11e1-92b6-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{963db2a9-bf4d-11e0-bb48-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{963db2a9-bf4d-11e0-bb48-485b3998c3f1}\Shell\AutoRun\command - "" = F:\baldur.exe
O33 - MountPoints2\{ac7ffc79-0889-11e1-9c3d-485b3998c3f1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac7ffc79-0889-11e1-9c3d-485b3998c3f1}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.11 13:39:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bernhard\Desktop\OTL.exe
[2012.06.11 13:34:23 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Desktop\Music
[2012.06.11 13:16:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bernhard\Desktop\HiJackThis204.exe
[2012.06.11 12:56:02 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Downloads
[2012.06.11 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\e-academy Inc
[2012.06.11 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\e-academy Inc
[2012.06.04 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.06.02 16:59:51 | 000,354,304 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\poua7stgo.dll
[2012.05.30 08:29:18 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012.05.30 08:29:14 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2012.05.21 14:46:31 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Mp3tag
[2012.05.21 14:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.05.21 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2012.05.21 14:41:05 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Hulubulu
[2012.05.21 14:37:12 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.05.20 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\Any Video Converter
[2012.05.20 19:18:00 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\AnvSoft
[2012.05.20 19:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012.05.20 19:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012.05.20 19:04:34 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.20 16:03:51 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.14 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\Diablo III
[2012.05.14 19:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.14 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.14 19:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.14 19:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.05.14 13:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.11 13:39:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bernhard\Desktop\OTL.exe
[2012.06.11 13:38:44 | 000,000,168 | ---- | M] () -- C:\Users\Bernhard\defogger_reenable
[2012.06.11 13:38:28 | 000,050,477 | ---- | M] () -- C:\Users\Bernhard\Desktop\Defogger.exe
[2012.06.11 13:17:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bernhard\Desktop\HiJackThis204.exe
[2012.06.11 12:56:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 12:54:17 | 000,003,161 | ---- | M] () -- C:\Users\Bernhard\Desktop\Secure Download Manager.lnk
[2012.06.11 12:52:12 | 000,718,336 | ---- | M] () -- C:\Users\Bernhard\Desktop\SDM_DE.msi
[2012.06.11 12:43:16 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 12:43:16 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 01:31:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012.06.11 01:30:06 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.11 01:29:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 01:29:27 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 15:02:26 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.06.09 12:53:54 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.09 12:53:54 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.06.07 22:51:30 | 000,015,637 | ---- | M] () -- C:\Users\Bernhard\.recently-used.xbel
[2012.06.04 20:47:43 | 000,000,516 | ---- | M] () -- C:\Users\Bernhard\Desktop\Fraps.lnk
[2012.06.02 16:59:51 | 000,354,304 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\poua7stgo.dll
[2012.05.30 08:29:18 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012.05.30 08:29:14 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2012.05.26 13:56:29 | 000,007,607 | ---- | M] () -- C:\Users\Bernhard\AppData\Local\Resmon.ResmonCfg
[2012.05.21 14:46:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.05.20 19:17:41 | 000,001,238 | ---- | M] () -- C:\Users\Bernhard\Desktop\Any Video Converter.lnk
[2012.05.17 20:06:15 | 000,001,493 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.05.14 23:12:43 | 000,612,043 | ---- | M] () -- C:\Users\Bernhard\Documents\14-05-2012 23;12;43.PDF
[2012.05.14 19:47:13 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.14 16:36:43 | 000,609,361 | ---- | M] () -- C:\Users\Bernhard\Documents\14-05-2012 16;36;43.PDF
[2012.05.14 12:27:40 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.14 12:27:40 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.14 12:27:40 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.14 12:27:40 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.14 12:27:40 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.12 15:18:49 | 000,412,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.11 13:38:44 | 000,000,168 | ---- | C] () -- C:\Users\Bernhard\defogger_reenable
[2012.06.11 13:37:59 | 000,050,477 | ---- | C] () -- C:\Users\Bernhard\Desktop\Defogger.exe
[2012.06.11 12:54:17 | 000,003,161 | ---- | C] () -- C:\Users\Bernhard\Desktop\Secure Download Manager.lnk
[2012.06.11 12:51:53 | 000,718,336 | ---- | C] () -- C:\Users\Bernhard\Desktop\SDM_DE.msi
[2012.06.11 01:30:06 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.07 22:51:30 | 000,015,637 | ---- | C] () -- C:\Users\Bernhard\.recently-used.xbel
[2012.06.04 20:47:43 | 000,000,516 | ---- | C] () -- C:\Users\Bernhard\Desktop\Fraps.lnk
[2012.05.26 13:56:29 | 000,007,607 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\Resmon.ResmonCfg
[2012.05.21 14:46:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.05.20 19:17:41 | 000,001,238 | ---- | C] () -- C:\Users\Bernhard\Desktop\Any Video Converter.lnk
[2012.05.17 10:52:55 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.14 23:12:43 | 000,612,043 | ---- | C] () -- C:\Users\Bernhard\Documents\14-05-2012 23;12;43.PDF
[2012.05.14 19:19:24 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.14 16:36:43 | 000,609,361 | ---- | C] () -- C:\Users\Bernhard\Documents\14-05-2012 16;36;43.PDF
[2012.05.09 14:29:30 | 000,001,867 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.04 22:56:45 | 000,005,632 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.21 22:50:03 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011.11.21 22:50:02 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011.11.21 22:50:02 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011.11.21 22:50:02 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011.11.21 22:50:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011.11.21 22:50:01 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011.11.21 22:50:01 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011.11.21 22:50:01 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011.11.21 22:50:01 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011.11.21 22:50:01 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011.11.21 22:50:01 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011.11.21 22:50:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011.11.21 22:50:00 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011.11.21 22:50:00 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011.11.21 22:50:00 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011.11.21 22:49:59 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011.11.21 22:49:59 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011.11.21 22:49:59 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011.11.21 22:49:59 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011.11.21 22:49:59 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011.11.21 22:49:59 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011.11.21 22:48:49 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011.11.21 22:48:49 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011.11.17 19:39:46 | 000,000,600 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\PUTTY.RND
[2011.11.07 12:40:03 | 000,000,421 | ---- | C] () -- C:\Users\Bernhard\AppData\Roaming\sqlite3Explorer.xml
[2011.11.06 18:11:11 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.24 13:13:21 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2011.08.15 22:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.07.11 18:45:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
[2011.04.21 12:33:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.21 12:33:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010.08.31 21:12:48 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.08.31 21:04:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.31 20:45:52 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2012.05.20 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\AnvSoft
[2011.12.04 22:07:07 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\avidemux
[2012.05.11 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DAEMON Tools Lite
[2011.07.15 01:51:02 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Dropbox
[2012.05.20 19:04:49 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DVDVideoSoft
[2011.11.30 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.11 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\e-academy Inc
[2011.10.24 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Epson
[2012.01.21 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\FileZilla
[2010.11.29 23:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\FVZilla
[2012.06.07 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\gtk-2.0
[2012.05.21 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Hulubulu
[2010.12.07 20:04:33 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\LolClient
[2012.05.21 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Mp3tag
[2011.11.10 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Notepad++
[2012.01.01 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Samsung
[2012.05.11 09:30:40 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Systweak
[2011.11.05 22:16:56 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Telefónica
[2012.01.29 00:06:11 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\The Creative Assembly
[2012.01.27 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Ubisoft
[2012.05.11 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Uniblue
[2011.11.07 21:35:36 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Webocton - Scriptly
[2010.11.26 14:47:58 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\WindSolutions
[2010.11.26 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Xilisoft
[2012.06.11 01:30:06 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.10 15:02:26 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012.05.11 09:51:44 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012.05.11 09:51:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.11 01:31:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 876 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

< End of report >

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:53, on 11.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Bernhard\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Bernhard\Desktop\OTL.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Bernhard\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: SRS Premium Sound.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bernhard\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\d3dybse3i.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Novatel Wireless Device Helper (NWHelper) - Novatel Wireless Inc. - C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12757 bytes
Code:
OTL Extras logfile created on: 11.06.2012 13:48:37 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Bernhard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,14% Memory free
9,99 Gb Paging File | 7,59 Gb Available in Paging File | 75,95% Paging File free
Paging file location(s): C:\pagefile.sys 6139 6139 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,45 Gb Total Space | 31,08 Gb Free Space | 26,69% Space Free | Partition Type: NTFS
Drive D: | 329,78 Gb Total Space | 153,38 Gb Free Space | 46,51% Space Free | Partition Type: NTFS

Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{9F917DC5-0DF3-44F3-85CD-6690399B9523}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | "UDP Query User{C294206D-F425-4A06-957E-54372116C000}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding "{412FF2A0-2E34-436B-8A0A-9E4EF32E913E}" = Option WWAN Driver 5.0.32.0 Installer "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5581B78C-609A-4AA0-BFAB-64A847C0A4E6}" = Outlook Sync Db 2010 "{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel "{5DBC38C9-D776-3050-FD3E-F4B5E99CCDDC}" = AMD Fuel "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64 "{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders "{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = Option WWAN Driver 5.0.32.0 Installer "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = 
Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL "EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "ZTE USB Driver" = ZTE USB Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish "{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard "{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help 
Turkish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = AMD VISION Engine Control Center "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3 "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean "{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager "{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common "{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian "{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help 
Italian "{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai "{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian "{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech "{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek "{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English "{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC "{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional "{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian "{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks "{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 
Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Any Video Converter_is1" = Any Video Converter 3.3.8 "Audacity_is1" = Audacity 1.2.6 "Avidemux 2.5" = Avidemux 2.5 (32-bit) "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.5.3 "FormatFactory" = FormatFactory 2.70 "Fraps" = Fraps "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Free Video Zilla_is1" = Free Video Zilla "Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "JDownloader" = JDownloader "JPG2PDF_is1" = JPG2PDF 2.2 "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mobile 
Broadband Generic Drivers" = Mobile Broadband Generic Drivers "Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.51 "Notepad++" = Notepad++ "o2DE" = Mobile Connection Manager "PokerStars.net" = PokerStars.net "RealPlayer 12.0" = RealPlayer "RegClean Pro_is1" = RegClean Pro "Security Task Manager" = Security Task Manager 1.8d "SpeedFan" = SpeedFan (remove only) "Steam App 34330" = Total War: SHOGUN 2 "Steam App 40390" = Risen 2 - Dark Waters "SubtitleCreator" = SubtitleCreator "VLC media player" = VLC media player 1.1.5 "Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6 "WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.05.2012 14:14:49 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract third-party root list from auto update cab at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Error - 23.05.2012 14:30:54 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.05.2012 13:12:39 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract third-party root list from auto update cab at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Error - 25.05.2012 14:04:41 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 25.05.2012 21:53:56 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract third-party root list from auto update cab at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Error - 25.05.2012 22:39:57 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 26.05.2012 07:19:57 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract third-party root list from auto update cab at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Error - 26.05.2012 11:53:58 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 26.05.2012 12:34:11 | Computer Name = Bernhard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 26.05.2012 14:27:03 | Computer Name = Bernhard-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract third-party root list from auto update cab at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
[ System Events ]
Error - 11.06.2012 06:23:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:38 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:39 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
Error - 11.06.2012 07:28:48 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description = The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: %%1058
< End of report >
I can't find anything useful about Kykymber on Google, only about 6 billion virus scanners that want to get their hands on my money. Grateful for any help. |
11.06.2012, 13:42 | #2 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can mean quite a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". I have to tell you that this may get very bumpy. The pest you ignored in April can become more than unpleasant, and by the look of it, it is still active. Step 1: aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
11.06.2012, 15:35 | #3 |
| Thanks in advance for the quick reply.
aswMBR outputs the following: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 16:12:33
-----------------------------
16:12:33.794 OS Version: Windows x64 6.1.7601 Service Pack 1
16:12:33.794 Number of processors: 2 586 0x603
16:12:33.795 ComputerName: BERNHARD-PC UserName: Bernhard
16:12:34.586 Initialize success
16:12:58.783 AVAST engine defs: 12061100
16:14:20.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
16:14:20.105 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
16:14:20.126 Disk 0 MBR read successfully
16:14:20.131 Disk 0 MBR scan
16:14:20.142 Disk 0 Windows 7 default MBR code
16:14:20.148 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
16:14:20.172 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119240 MB offset 40965750
16:14:20.179 Disk 0 Partition - 00 0F Extended LBA 337695 MB offset 285171712
16:14:20.208 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 337694 MB offset 285173760
16:14:20.235 Disk 0 scanning C:\Windows\system32\drivers
16:14:32.892 Service scanning
16:15:06.103 Modules scanning
16:15:06.125 Disk 0 trace - called modules:
16:15:06.514 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
16:15:06.528 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b01060]
16:15:06.536 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a8eb80]
16:15:06.541 5 amdxata.sys[fffff880011537a8] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8004a89060]
16:15:07.497 AVAST engine scan C:\Windows
16:15:10.686 AVAST engine scan C:\Windows\system32
16:18:55.543 AVAST engine scan C:\Windows\system32\drivers
16:19:13.545 AVAST engine scan C:\Users\Bernhard
16:25:08.563 AVAST engine scan C:\ProgramData
16:26:31.501 Disk 0 MBR has been saved successfully to "C:\Users\Bernhard\Desktop\MBR.dat"
16:26:31.510 The log file has been saved successfully to "C:\Users\Bernhard\Desktop\aswMBR.txt" |
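The aswMBR log above reads the boot sector, compares the boot code against Windows 7's default, and prints the primary partition table (type byte, active flag, size, LBA offset). The following is an added example, not aswMBR's code and not from the thread: it parses the 64-byte partition table of a 512-byte MBR sector and runs the sanity checks a triage script would apply (0x55AA signature, exactly one active partition, no entry past the end of the disk, no overlapping entries). The sector is constructed to match the layout in the log (types 0x1C/0x07/0x0F, the active flag on partition 2, the same LBA offsets; sector counts are chosen so the sizes round to the logged MB values). The boot-code area is zero-filled, so the "Windows 7 default MBR code" comparison is not reproduced; that needs a reference copy of the boot code. Logical partition 3 lives in the extended container's EBR chain and therefore does not appear in the primary table.

```python
"""Parse and sanity-check an MBR partition table.

Added example, not aswMBR's code and not from the thread. The 512-byte
sector built by constructed_mbr() reproduces the partition layout that
aswMBR reported (same types, boot flag and LBA offsets; sector counts are
chosen so the sizes round to the logged MB values). The boot-code area is
zero-filled, so only the 64-byte table is inspected here.
"""
import struct

ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
TABLE_OFFSET = 446           # the table follows 446 bytes of boot code
SECTOR = 512
MB = 1024 * 1024 // SECTOR   # sectors per MiB (2048)

PARTITION_TYPES = {
    0x07: "HPFS/NTFS",
    0x0F: "Extended LBA",
    0x1C: "Hidden FAT32 LBA",
}


def build_entry(status, ptype, lba_start, sectors):
    """Pack one 16-byte entry; CHS fields stay zero, the LBA fields are authoritative."""
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def constructed_mbr():
    """Constructed sector mirroring the aswMBR log: offsets 63 / 40965750 / 285171712."""
    table = (
        build_entry(0x00, 0x1C, 63, 40965750 - 63)          # hidden FAT32, 20002 MB
        + build_entry(0x80, 0x07, 40965750, 119240 * MB)    # NTFS, active, 119240 MB
        + build_entry(0x00, 0x0F, 285171712, 337695 * MB)   # extended container, 337695 MB
        + b"\0" * 16                                        # unused fourth slot
    )
    return b"\0" * TABLE_OFFSET + table + b"\x55\xAA"


def parse_mbr(sector):
    """Return the non-empty entries of the primary partition table as dicts."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                                        # empty slot
        parts.append({
            "index": i + 1,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count // MB,
        })
    return parts


def check_mbr(parts, disk_sectors):
    """Return a list of findings; an empty list means the table looks sane."""
    issues = []
    if sum(1 for p in parts if p["bootable"]) != 1:
        issues.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append("partition %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            issues.append("partition %d extends past the end of the disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


if __name__ == "__main__":
    disk = 476940 * MB                                      # disk size from the log
    table = parse_mbr(constructed_mbr())
    for p in table:
        print("Partition %d %s %02X %-16s %7d MB offset %d" % (
            p["index"], "(A)" if p["bootable"] else "   ", p["type"],
            p["type_name"], p["size_mb"], p["lba_start"]))
    print("issues:", check_mbr(table, disk) or "none")
```

On a real machine you would feed parse_mbr() the first 512 bytes of the physical disk (the MBR.dat that aswMBR saved to the desktop is exactly that) instead of the constructed sector. The checks only cover the table; a bootkit that keeps the table intact and replaces the boot code, which is what aswMBR's code comparison looks for, will pass them.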
11.06.2012, 15:47 | #4 |
| Forgot the parameter, sorry |
12.06.2012, 06:54 | #5 | |
/// Malwareteam | Combofix. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
12.06.2012, 08:47 | #6 |
| Here it is. I'm around for another 3/4 hour, then again from 18:00. Code:
ATTFilter Combofix Logfile: The "Network List Service" service depends on the "NLA (Network Location Awareness)" service, which failed to start because of the following error: The specified service cannot be started. It is disabled or has no enabled devices associated with it. Edited by Numitor (12.06.2012 at 09:07) |
12.06.2012, 09:08 | #7 | |
/// Malwareteam | Multiple anti-virus programs Code:
ATTFilter AV: Avira Lavasoft Ad-Watch Live! Anti-Virus Quote:
12.06.2012, 09:20 | #8 |
| I have uninstalled Ad-Aware. More doesn't help anymore, I suppose |
12.06.2012, 09:46 | #9 |
/// Malwareteam | Step 1: CF script. Note for readers: The following ComboFix script has been written exclusively for this user in this situation. Never use it on other computers, it can permanently damage other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it on the desktop again (nowhere else, this is important)! Press the Windows + R keys --> type Notepad --> OK. Now copy the text from the following code box completely into the empty text document. Code:
ATTFilter
FILE::
c:\windows\system32\poua7stgo.dll
C:\Windows\SysWOW64\UpdSvc.dll
DRIVER::
Update-Service
DNScache
CLEARJAVACACHE::
REGISTRY::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f84e55c-9b36-11e1-ab0c-485b3998c3f1}]
Important:
Step 2: MBAM. Please download Malwarebytes
12.06.2012, 21:50 | #10 |
| TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 Here is the ComboFix log Code:
Combofix Logfile: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.11.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernhard :: BERNHARD-PC [Administrator]
11.06.2012 21:12:57
mbam-log-2012-06-11 (21-12-57).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 483064
Laufzeit: 58 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
13.06.2012, 08:48 | #11 | |
/// Malwareteam | TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 Quote:
13.06.2012, 13:11 | #12 |
| TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 This was the last infection report. Code:
Protokollname: Application
Quelle: Avira Antivirus
Datum: 12.06.2012 08:11:09
Ereignis-ID: 4113
Aufgabenkategorie:Infektion
Ebene: Warnung
Schlüsselwörter:Klassisch
Benutzer: SYSTEM
Computer: Bernhard-PC
Beschreibung:
AntiVir erkannte in der Datei C:\Windows\System32\xpty0h43.tsp verdächtigen Code mit der Bezeichnung 'TR/ATRAPS.Gen'!
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Avira Antivirus" />
    <EventID Qualifiers="32768">4113</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-06-12T06:11:09.000000000Z" />
    <EventRecordID>30538</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Bernhard-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>TR/ATRAPS.Gen</Data>
    <Data>C:\Windows\System32\xpty0h43.tsp</Data>
    <Data>0x0</Data>
    <Data> </Data>
  </EventData>
</Event>
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 11. Juni 2012 12:01
Es wird nach 3814688 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Bernhard
Computername : BERNHARD-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 16:36:44
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 16:36:44
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 16:36:45
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 16:36:46
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 16:36:36
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 07:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:01:15
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:21:25
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 16:36:35
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 16:36:35
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 16:36:35
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 16:36:35
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 16:36:35
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 16:36:35
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 16:36:35
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 16:36:35
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 16:36:35
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 15:57:08
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 17:20:49
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 22:54:20
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 18:21:12
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 07:21:59
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 12:44:54
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 12:45:19
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 15:00:52
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 18:46:38
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 18:46:41
VBASE024.VDF : 7.11.32.86 2048 Bytes 08.06.2012 18:46:41
VBASE025.VDF : 7.11.32.87 2048 Bytes 08.06.2012 18:46:41
VBASE026.VDF : 7.11.32.88 2048 Bytes 08.06.2012 18:46:41
VBASE027.VDF : 7.11.32.89 2048 Bytes 08.06.2012 18:46:41
VBASE028.VDF : 7.11.32.90 2048 Bytes 08.06.2012 18:46:41
VBASE029.VDF : 7.11.32.91 2048 Bytes 08.06.2012 18:46:41
VBASE030.VDF : 7.11.32.92 2048 Bytes 08.06.2012 18:46:41
VBASE031.VDF : 7.11.32.116 77824 Bytes 10.06.2012 23:34:57
Engineversion : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 15:00:51
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 01.06.2012 12:46:03
AESCN.DLL : 8.1.8.2 131444 Bytes 24.03.2012 12:01:19
AESBX.DLL : 8.2.5.10 606580 Bytes 30.05.2012 10:31:56
AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 07:55:37
AEPACK.DLL : 8.2.16.16 807288 Bytes 30.05.2012 10:31:47
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 21:13:43
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 01.06.2012 12:46:00
AEHELP.DLL : 8.1.21.0 254326 Bytes 12.05.2012 13:24:35
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 21:13:40
AEEXP.DLL : 8.1.0.44 82293 Bytes 30.05.2012 10:31:56
AEEMU.DLL : 8.1.3.0 393589 Bytes 31.01.2012 07:55:34
AECORE.DLL : 8.1.25.10 201080 Bytes 01.06.2012 12:45:22
AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 07:55:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 16:36:43
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 16:36:44
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 16:36:46
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 16:36:44
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 16:36:44
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 16:36:45
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 16:36:44
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 16:36:45
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 16:36:44
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 16:36:44
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Bernhard\AppData\Local\Temp\31258352.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 11. Juni 2012 12:01
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Bernhard\Desktop\d3dybse3i.dll'
C:\Users\Bernhard\Desktop\d3dybse3i.dll
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
Beginne mit der Suche in 'C:\Users\Bernhard\Desktop\nsp4gkpf.dll'
C:\Users\Bernhard\Desktop\nsp4gkpf.dll
[FUND] Ist das Trojanische Pferd TR/PSW.Kykymber.ceig
Beginne mit der Desinfektion:
C:\Users\Bernhard\Desktop\nsp4gkpf.dll
[FUND] Ist das Trojanische Pferd TR/PSW.Kykymber.ceig
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '562d6385.qua' verschoben!
C:\Users\Bernhard\Desktop\d3dybse3i.dll
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ec64ce2.qua' verschoben!
Ende des Suchlaufs: Montag, 11. Juni 2012 12:02
Benötigte Zeit: 00:00 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
2 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
0 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
2 Hinweise |
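When triaging an Application-log entry like the Avira event above, the useful fields (detection name, flagged path, record id, UTC timestamp) sit in positional `<Data>` elements under a namespaced `<Event>`. The following parser is an added example, not code from the thread or from Avira; the sample event is constructed from the one quoted above, and the namespace is the real Windows event schema URL (the post shows it defanged as "hxxp://").

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Windows Event Log XML namespace (the thread shows it defanged as "hxxp://").
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample modelled on the Avira event quoted in the post:
# provider "Avira Antivirus", event ID 4113 (infection), name + path in EventData.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Avira Antivirus" />
    <EventID Qualifiers="32768">4113</EventID>
    <TimeCreated SystemTime="2012-06-12T06:11:09.000000000Z" />
    <EventRecordID>30538</EventRecordID>
    <Computer>Bernhard-PC</Computer>
  </System>
  <EventData>
    <Data>TR/ATRAPS.Gen</Data>
    <Data>C:\\Windows\\System32\\xpty0h43.tsp</Data>
    <Data> </Data>
  </EventData>
</Event>"""

@dataclass
class Detection:
    record_id: int
    time_utc: datetime
    name: str   # detection name, e.g. TR/ATRAPS.Gen
    path: str   # file the scanner flagged

def parse_avira_detection(xml_text: str) -> Optional[Detection]:
    """Return the detection in an Avira infection event (ID 4113), else None."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    provider = system.find("e:Provider", NS).get("Name", "")
    event_id = int(system.find("e:EventID", NS).text)
    if provider != "Avira Antivirus" or event_id != 4113:
        return None
    # SystemTime carries nanoseconds; keep the whole-second part and mark it UTC.
    stamp = system.find("e:TimeCreated", NS).get("SystemTime")[:19]
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    # <Data> fields are positional: [name, path, ...]; blank trailing ones are padding.
    fields = [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)]
    if len(fields) < 2 or not fields[0] or not fields[1]:
        return None
    return Detection(record_id=int(system.find("e:EventRecordID", NS).text),
                     time_utc=when, name=fields[0], path=fields[1])
```

Feeding it exported event XML (for example from the Event Viewer's "Copy details as text") gives a structured record per detection that can be deduplicated by record id and correlated with the scanner's own report.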
13.06.2012, 13:26 | #13 | |
/// Malwareteam | TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 VT Please have the file from the code box checked at VirusTotal.
Quote:
13.06.2012, 15:57 | #14 |
| TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 The file cannot be found. Neither in the Avira quarantine nor in Defender, and not in the directory either |
14.06.2012, 08:08 | #15 |
/// Malwareteam | TR/ATRAPS.Gen and TR/PSW.Kykymber.ceig in SysWOW64 CF script. Note for other readers: the following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can permanently damage other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)! Press the Windows + R keys --> type Notepad --> OK. Now copy the complete text from the following code box into the empty text document. Code:
FILELOOK::
C:\Windows\System32\xpty0h43.tsp
Important: