Log analysis and evaluation: Firefox is causing problems, malware suspected
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.06.2012, 22:27 | #1 |
Firefox is causing problems, malware suspected
Windows 7, SP1, Prof, 64 bit, updates current
Firefox ESR 10.0.5, current
I am having problems with Firefox: it freezes in some applications, and the crash reporter appears when I close it. In the Camp-Firefox forum a suspicion of malware has now also been raised, so I would like to ask you for advice here. From Defogger I only got the following log, but something seems to be wrong there, doesn't it?? I did not want to run it again without asking first.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:09 on 14/06/2012 (Uwe)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
OTL logfile created on: 14.06.2012 23:10:43 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Uwe\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,43% Memory free
7,99 Gb Paging File | 6,00 Gb Available in Paging File | 75,04% Paging File free
Paging file location(s): h:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 76,91 Gb Free Space | 64,50% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 461,56 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive G: | 111,76 Gb Total Space | 23,54 Gb Free Space | 21,06% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 412,41 Gb Free Space | 88,55% Space Free | Partition Type: NTFS
Drive I: | 463,87 Gb Total Space | 357,96 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive J: | 463,87 Gb Total Space | 443,80 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
Drive K: | 463,87 Gb Total Space | 463,77 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive L: | 471,41 Gb Total Space | 206,13 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
Drive N: | 7,39 Gb Total Space | 7,34 Gb Free Space | 99,38% Space Free | Partition Type: FAT32

Computer Name: UWESEIN-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 23:04:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
PRC - [2012.06.14 23:02:36 | 000,050,477 | ---- | M] () -- C:\Users\Uwe\Desktop\Defogger.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.23 18:26:44 | 000,347,792 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.07.01 11:27:00 | 010,200,240 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe
PRC - [2010.08.04 23:19:14 | 000,799,552 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe
PRC - [2010.03.08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2009.09.24 11:11:36 | 000,200,704 | R--- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
PRC - [2009.04.27 16:20:46 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2009.04.27 16:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
PRC - [2007.01.05 13:37:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM305_STI.EXE

========== Modules (No Company Name) ==========

MOD - [2012.06.14 23:02:36 | 000,050,477 | ---- | M] () -- C:\Users\Uwe\Desktop\Defogger.exe
MOD - [2012.05.13 12:33:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 12:33:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 12:33:50 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.05.13 12:33:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 12:33:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 12:33:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.24 00:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.22 00:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.10.05 11:32:28 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:57:46 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.09.24 11:11:36 | 000,200,704 | R--- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.04.19 16:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2012.06.11 12:25:54 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.04 23:19:14 | 000,799,552 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe -- (PDF Suite 2010 Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.30 22:32:32 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 21:04:51 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.13 19:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.12.12 22:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.12.12 22:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.07.13 14:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.07.13 14:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.24 11:12:28 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007.03.08 13:03:58 | 001,541,120 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbVM305.sys -- (ZSMC0305)
DRV:64bit: - [2007.02.02 14:47:18 | 000,300,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vvftav.sys -- (vvftav)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E D2 E7 8E 7C 08 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deES476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.225.68.125:8181

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google.de"
FF - prefs.js..browser.search.defaultenginename: "Google.de"
FF - prefs.js..browser.search.order.1: "Google.de"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rlz=1R0GGLL_de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {c666c018-6409-4479-afa3-68e4129e7eff}:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: FFPDFConverter@ib.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.de/search?q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.05.03 15:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.03 15:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.05.03 15:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter@ib.com: C:\Program Files (x86)\PDF Suite 2010\firefoxextension [2012.03.08 23:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.05 22:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.24 18:21:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.03.08 20:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions
[2012.06.14 18:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions
[2012.04.08 00:27:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.03.08 21:38:05 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2012.05.18 11:38:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.08 21:38:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.14 23:22:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\firefox@ghostery.com
[2011.07.26 19:19:58 | 000,002,333 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\vt4hwcmr.default\searchplugins\askcom.xml
[2011.09.21 22:48:14 | 000,001,708 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\vt4hwcmr.default\searchplugins\es-fcil-verbos-espaoles.xml
[2012.03.08 20:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.08 23:02:00 | 000,000,000 | ---D | M] (PDF Suite Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF SUITE 2010\FIREFOXEXTENSION
[2011.11.02 14:38:26 | 000,007,532 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
[2012.03.01 16:59:24 | 000,033,619 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
[2012.06.12 22:53:01 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.06.05 22:16:37 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.03.20 15:24:07 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.24 12:50:42 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011.10.18 13:38:40 | 000,174,405 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI
[2012.06.05 22:16:29 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.17 00:16:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 00:01:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:16:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:16:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 00:16:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:16:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files (x86)\PDF Suite 2010\PDFIEHelper.dll (Interactive Brands Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files (x86)\PDF Suite 2010\PDFIEPlugin.dll (Interactive Brands Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC37A775-B021-4B1D-9B36-3B956399D880}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.03.11 16:42:21 | 000,024,064 | ---- | M] () - H:\Autorización General.doc -- [ NTFS ] O32 - AutoRun File - [2012.03.11 16:42:21 | 000,024,064 | ---- | M] () - K:\Autorización General.doc -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 23:04:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe [2012.06.14 11:49:57 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{3E78D47E-D9CB-4BBA-ACA2-ECE2358CE516} [2012.06.14 11:49:46 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{86A7DD94-3ED0-4935-B20C-60D59E70CC26} [2012.06.14 00:28:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 00:28:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 00:28:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 00:28:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 00:28:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 00:28:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 00:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 
00:28:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 00:28:13 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 00:28:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 00:28:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 00:28:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 00:28:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 00:27:48 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.14 00:27:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.13 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{23F31114-A9AA-478F-B859-F0651C8CE4D4} [2012.06.13 23:49:01 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{08530354-52EB-478E-B734-ABC52C6DFF5F} [2012.06.13 11:53:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 11:53:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 11:53:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 11:53:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 11:53:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 11:53:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 11:53:18 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 11:53:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 11:53:16 | 000,140,288 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\cryptnet.dll [2012.06.13 11:48:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4D0B9842-01B5-445E-91D8-6AD89584C993} [2012.06.13 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{CD76F96E-9F1C-4450-A4BB-DEAB07D201BE} [2012.06.12 12:17:30 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{BAA207AA-18FC-490E-8104-8ACDCB97DF36} [2012.06.12 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{F5D6B93B-8843-4240-96F7-4EA9FACC7DBB} [2012.06.11 12:19:50 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{E7930114-0DFF-47A9-8CFE-7A77ADAE4D15} [2012.06.11 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{17FF7C19-F40F-47DA-8442-3C2EA870B458} [2012.06.10 12:18:36 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{01537576-B0CE-4F53-9E5F-3D0D9C5519F6} [2012.06.10 12:18:19 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{C597DB50-028A-4C55-9B02-566C775ED488} [2012.06.09 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Macromedia [2012.06.09 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{0D82F97B-7E01-4C3D-A86E-D6D4844125F1} [2012.06.09 12:11:40 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{42C6AAB9-9D64-4DBE-B88F-37315E0F725E} [2012.06.08 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8857EE90-F9DB-4CAC-88B7-B4AC43F3ACE6} [2012.06.08 11:14:24 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{B4E0F331-58D8-43BD-BB30-80B690335C7F} [2012.06.08 11:14:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{65975ED1-C1E2-4863-B06C-D9294A4791EE} [2012.06.07 23:13:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{EDF5357C-95ED-465C-84A8-8B9AE4EA4BE0} [2012.06.07 11:13:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9B9AD720-A6BD-4A6C-9D95-D39235636A6E} [2012.06.07 11:13:02 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{BB8D7582-995B-4A59-B271-D4EDC7F70E5F} [2012.06.06 
21:50:16 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A90DB73E-954E-458B-A692-E3A0F3E38508} [2012.06.06 21:50:04 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7DC339BD-0E00-439A-8551-B73BAC28AB80} [2012.06.06 09:49:40 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4D276867-40BB-44B5-9B4A-ED2E022A92F9} [2012.06.06 09:49:28 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4DEEE0E2-F253-433E-A308-E889FB2A987C} [2012.06.05 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{E347CED8-1EFA-47FD-9F1A-CA6ED2FF6E00} [2012.06.05 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{D894CE7A-6263-40FC-A315-60D45978659A} [2012.06.04 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{5E8B2774-1AF0-4CD6-BBF9-1C0103170000} [2012.06.04 13:11:05 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A248590B-FAE7-4FD1-AC60-25C480CECB3D} [2012.06.03 12:12:55 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9FAF76CE-4BD3-472E-A38B-63AACD3874C8} [2012.06.03 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8CC12D50-8AA7-42AD-AA0A-FEDB4AFD55F2} [2012.06.02 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{175E944F-9998-4841-B172-159F53D6DF02} [2012.06.02 12:16:34 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{88E4EC9E-55C8-4115-A293-418124930BA7} [2012.06.01 12:14:21 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{55BB213E-75E4-455C-8042-2CB0063C59C9} [2012.06.01 12:14:10 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{3B2311DF-2F9A-4FE5-8A09-ADEA31F5CC12} [2012.05.31 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{F2AB7E07-0A97-4FF5-9458-D2D9B5C0898B} [2012.05.31 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{1DB292CD-DC0E-4398-BA77-531783999748} [2012.05.31 00:15:29 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7B1E8537-8510-4B1D-B3AD-00B8AA080A13} [2012.05.31 00:15:18 | 000,000,000 | 
---D | C] -- C:\Users\Uwe\AppData\Local\{A8CCAA14-969D-43A3-B41C-3FEDDFAEC571} [2012.05.30 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\TrueCrypt [2012.05.30 22:32:32 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.05.30 22:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2012.05.30 22:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2012.05.30 12:15:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{FD31B5E2-C99E-44E4-B704-0720AF06F150} [2012.05.30 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{CB8C1DA5-7B43-424E-9FEE-B058165C91E1} [2012.05.30 00:06:18 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{6663366B-42BE-4082-A591-F278682CE7C7} [2012.05.30 00:06:03 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{C28535D9-76C5-4BFF-AE14-633B3DEF68E8} [2012.05.29 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8CAF28A1-50D4-4C2C-9050-C67BF0EE4AC6} [2012.05.29 12:05:35 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{45A17EB6-19A4-47D7-8BC7-63023D158AF9} [2012.05.28 12:31:28 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{923C6588-8827-407F-A97C-10D79FD846A5} [2012.05.28 12:31:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{1B8AFD07-9F36-441B-B263-BF00947CA06C} [2012.05.27 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{65D03188-929F-49FA-A199-DE4EB7F79618} [2012.05.27 12:24:20 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{26A04B67-E95C-4360-B9E4-E7F551F9C6AB} [2012.05.26 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{37A46D26-4CF2-4563-95BA-5D5627DF39D1} [2012.05.26 12:24:53 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{71254047-5AFB-4369-8C09-2A2763451496} [2012.05.25 12:41:00 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{547FA520-826C-47AC-AC04-BADBECAF8BAA} [2012.05.25 
12:40:49 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7C2FCAD4-482F-43DE-BED9-A9C5DF0F2C30} [2012.05.24 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Thunderbird [2012.05.24 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.05.24 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{074CC885-6827-478B-B0BD-D0983DF74D68} [2012.05.24 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{93D0D493-81A8-48FC-8F96-8AA3729514A0} [2012.05.23 12:38:07 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{ABA1D10D-5FEE-42B2-8EF9-0BB550170DA7} [2012.05.23 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{804B10D6-F5A1-4EBC-A746-8B59A99E3F27} [2012.05.22 12:27:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.05.22 12:26:37 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{EAD37A08-B12E-4A12-9EEE-5F0CAC738230} [2012.05.22 12:26:26 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{D0504D5A-255E-450C-8AF9-563DD07C34B8} [2012.05.21 15:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.21 15:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.21 15:00:21 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{241D7A01-328E-4953-AA16-82F83B7B7C22} [2012.05.21 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A819F99E-1AE8-49E5-B920-208DDCBFE782} [2012.05.20 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9C268E40-8F93-455F-B333-297086905782} [2012.05.20 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{C2D13A6E-9568-4CFA-B0FD-9538734D8D6A} [2012.05.19 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4FAC0DD9-8F88-4277-BFBE-F35C7E0B91CD} [2012.05.19 12:30:57 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{FBB08FA1-1ADA-4F52-A4C3-1FB1A02AF223} [2012.05.18 23:38:34 | 000,000,000 | ---D | C] -- 
C:\Users\Uwe\AppData\Local\{218FC2B2-A21F-4700-A4A9-0337CCE59FF8} [2012.05.18 23:38:12 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9C823DF8-B28C-4DCB-8C4D-044215788969} [2012.05.18 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{2913348B-CA92-4C8F-876C-5A5C100C39BD} [2012.05.18 11:37:44 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{D5E854C4-8AE5-402E-BC16-643DCD9C937B} [2012.05.17 13:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.05.17 13:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.05.17 13:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.05.17 13:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.05.17 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7B282815-55EE-4127-A393-1368A7D27A89} [2012.05.17 12:36:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{879B8522-2126-448F-A930-F04CBE209CFE} [2012.05.16 13:04:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{18A8DFDD-ADE7-4F9B-996A-0A994567D23B} [2012.05.16 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{09FEEA3B-83C8-4175-87A1-36DDE5796A85} [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.14 23:09:10 | 000,000,000 | ---- | M] () -- C:\Users\Uwe\defogger_reenable [2012.06.14 23:04:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe [2012.06.14 23:02:36 | 000,050,477 | ---- | M] () -- C:\Users\Uwe\Desktop\Defogger.exe [2012.06.14 22:55:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.14 22:29:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 22:29:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 22:29:20 | 000,615,810 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2012.06.14 22:29:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 22:29:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 22:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 12:55:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 10:05:02 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 10:05:02 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 09:57:50 | 000,309,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 09:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 09:57:29 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys [2012.06.11 12:25:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.11 12:25:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.30 22:32:32 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.05.18 03:47:42 | 000,248,320 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.14 23:09:10 | 000,000,000 | ---- | C] () -- C:\Users\Uwe\defogger_reenable [2012.06.14 23:02:35 | 000,050,477 | ---- | C] () -- C:\Users\Uwe\Desktop\Defogger.exe [2012.05.24 18:21:15 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.08 23:34:13 | 000,122,880 | ---- | C] () -- C:\Windows\rm305.exe [2012.03.08 23:34:13 | 000,000,900 | ---- | C] () -- C:\Windows\rm305.ini [2012.03.08 22:07:15 | 000,000,165 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.03.08 22:07:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2012.03.08 22:07:03 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2012.03.08 22:07:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2012.03.08 22:07:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2012.03.08 22:07:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2012.03.08 22:07:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2012.03.08 22:07:03 | 000,537,520 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxczcoms.exe [2012.03.08 22:07:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2012.03.08 22:07:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2012.03.08 22:07:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2012.03.08 22:07:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2012.03.08 22:07:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe [2012.03.08 22:07:03 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe [2012.03.08 22:07:03 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2012.03.08 22:07:03 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe [2012.03.08 22:07:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2012.03.08 22:07:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll [2012.03.08 21:23:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.08 21:05:57 | 000,017,408 | ---- | C] () -- C:\Users\Uwe\AppData\Local\WebpageIcons.db [2012.03.08 20:47:51 | 000,200,704 | R--- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.08 20:47:51 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2012.03.08 20:47:48 | 000,000,353 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2012.03.08 20:47:42 | 000,003,518 | R--- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2012.03.08 20:47:42 | 000,000,538 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2012.03.08 20:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat < End of report > Code:
OTL Extras logfile created on: 14.06.2012 23:10:43 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Uwe\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,43% Memory free
7,99 Gb Paging File | 6,00 Gb Available in Paging File | 75,04% Paging File free
Paging file location(s): h:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 76,91 Gb Free Space | 64,50% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 461,56 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive G: | 111,76 Gb Total Space | 23,54 Gb Free Space | 21,06% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 412,41 Gb Free Space | 88,55% Space Free | Partition Type: NTFS
Drive I: | 463,87 Gb Total Space | 357,96 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive J: | 463,87 Gb Total Space | 443,80 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
Drive K: | 463,87 Gb Total Space | 463,77 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive L: | 471,41 Gb Total Space | 206,13 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
Drive N: | 7,39 Gb Total Space | 7,34 Gb Free Space | 99,38% Space Free | Partition Type: FAT32

Computer Name: UWESEIN-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0735FD7A-E73E-4AF7-9C85-D28BB0BB5D10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0762B52B-BF7A-4E40-A7C0-C5828D05C95D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{15100D43-A70A-4ED4-B45B-9F2178447859}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19880DE7-005D-4A48-85D5-C3A986B842D7}" = lport=2177 | 
protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1FA6A3A2-367A-4DE4-9249-6C17A1004BC6}" = rport=139 | protocol=6 | dir=out | app=system | "{2054430A-7D05-4B38-96F0-BE1030858AB8}" = rport=138 | protocol=17 | dir=out | app=system | "{2816CAFF-DB87-4D1C-AAAE-BB3D051B5AF2}" = lport=137 | protocol=17 | dir=in | app=system | "{32233981-58CC-4C79-A8C6-797A31F7537D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3B7F4212-8636-4A39-BE92-ED1BB812ACAD}" = lport=2869 | protocol=6 | dir=in | app=system | "{547E82D4-0BFA-4E9F-9AEF-D099D94A38FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{697E008A-AB59-4645-AC19-2BC6DAE2A21D}" = lport=445 | protocol=6 | dir=in | app=system | "{7447CE14-F240-47AE-80FF-C16F7E3124D1}" = rport=137 | protocol=17 | dir=out | app=system | "{96112D4D-FCF0-4135-978F-D20168DC2041}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99C5A373-1D1D-416C-B61F-462E2D73923E}" = lport=10243 | protocol=6 | dir=in | app=system | "{9C725D5E-3D65-405B-9FB9-A7D9F02AE3FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B37D2B40-A6F8-4BB9-99BB-8C08E8CB9249}" = rport=445 | protocol=6 | dir=out | app=system | "{B561D60C-5B1F-43D6-9AFA-EA4006573F4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BCC6A485-FF3B-42F0-99CA-953A5594F7AC}" = lport=139 | protocol=6 | dir=in | app=system | "{C49E2EEE-D2D6-4777-805E-0DADCBEF375B}" = lport=138 | protocol=17 | dir=in | app=system | "{C83A30A8-AC54-4766-86AC-4673BAA4FCC0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9519961-AA5A-4480-81D0-C21D89E82948}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DCE7865B-8937-4261-82FC-25AC4D9D2CDC}" = rport=10243 | protocol=6 | dir=out | 
app=system | "{E823FF85-878B-4FC8-858D-6C5F06476FFE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051E464C-5341-485A-ABB8-4F3CE0060519}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B158D3D-7D90-4C9D-9780-1D648B1DFF4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{22CEDE06-58C4-4F40-B909-41DE2FD5A5A3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{2DDA6B42-06B5-4C68-A0D4-BCDCD2CFF22B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3FABFCC4-C5DA-428F-8A92-BAA98857E611}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{41FC3F8F-51B9-43B1-A27D-062FEC29FF4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4D28B40A-0E99-4E29-9A44-DED9A3CB5F20}" = protocol=6 | dir=out | app=system | "{5622CD2B-A849-4335-8074-B3E60CA79E8D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60145433-AB59-41A5-BB63-A318391990F4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6142164E-B4E4-4172-8F61-98A39105C3A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{64320D1E-0FFB-45FD-A5D5-6DB1D703BC9A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{64B66718-C837-488A-9412-BBE64DA4EB7A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{6688D856-46BA-41FE-8DA6-F00EF9359909}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{681DD46E-23D1-4104-AA8D-9C4908E2FB1B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{68F91DA5-042C-4612-B4BD-002CC268A123}" = protocol=6 | 
dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{6F51C476-5176-4A43-9ECA-57C95D3C33CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{72294A48-8299-4FA3-AB1E-F36EF732D330}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{74E8A23C-94CE-411B-ABBC-5E9CD89C200B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8713D04A-4E0E-42BD-A9AE-B693F7A26030}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9C27DA03-9307-46FF-9B35-9CF50FC7202C}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | "{BE71047C-062F-4429-9447-7070F26BEA14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C74BCE0B-686D-4CA2-93B2-EF9D7C8BB6FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC54E51B-50FB-4FAF-AD88-FEB147BA975D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CDD89D84-64AE-43A9-A70E-E2BE55A41459}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E145ECD0-BF54-4996-9B41-53CE3FD67101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E29C5CA2-0C99-4F95-A5E0-03F9E350116F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E4490262-809B-44BE-A069-926FF6083927}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F07BCD93-D488-42F5-A923-08D441577352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F3F87603-1D48-4AA0-A873-D368BE4872EB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{F69C7CCB-4CE4-412B-8FEF-0E64092A5CE2}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{FB6A073C-A683-41A7-8E8F-B245D5E0D893}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{FC69604E-2592-4A48-A1D7-2F7B16166E97}" 
= dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FD9E5D01-4803-4A63-8668-0B8BC2104548}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{FFE699CA-ECD3-45AC-8022-3BC648C79063}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "C-Media PCI Audio Driver" = Theatron Agrippa "Defraggler" = Defraggler "Lexmark 1200 Series" = Lexmark 1200 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0 "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = 
nero.prerequisites.msi "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{31832C70-2FA4-4C99-BA99-94A5EF7A1184}" = PDF Suite 2010 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8 
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8 "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5870DF31-7BF8-4635-B708-7695CBCD5D48}" = DesignCAD 20 "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71c64b8b-67a6-4d9a-8f60-56a148bf46ee}" = Nero MediaHome 4 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}" = USB PC Camera VC305 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center 
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{E97C937C-AE21-453D-86A0-A231507543D1}" = ACID Music Studio 8.0 "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 
Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla Client 3.5.3 "Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.2.221 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "HijackThis" = HijackThis 2.0.2 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox 10.0.5 (x86 de)" = Mozilla Firefox 10.0.5 (x86 de) "Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de) "MS-Buchhalter Start" = MS-Buchhalter Start 3.0 "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "OpenAL" = OpenAL "Secunia PSI" = Secunia PSI (2.0.0.4003) "TeamViewer 7" = TeamViewer 7 "TrueCrypt" = TrueCrypt "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.06.2012 04:11:57 | Computer Name = Uwesein-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 14.06.2012 04:12:06 | Computer Name = Uwesein-PC | 
Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 14.06.2012 04:13:42 | Computer Name = Uwesein-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 14.06.2012 04:14:35 | Computer Name = Uwesein-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 14.06.2012 04:23:34 | Computer Name = Uwesein-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 14.06.2012 04:25:06 | Computer Name = Uwesein-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 14.06.2012 08:27:04 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x61e59903 ID des fehlerhaften Prozesses: 0x3b8 Startzeit der fehlerhaften Anwendung: 0x01cd4a28e9fa1c0b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 3f6c241c-b61c-11e1-8758-00252206585a Error - 14.06.2012 12:30:02 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x633e2fe6 ID des fehlerhaften Prozesses: 0x16e4 Startzeit der fehlerhaften Anwendung: 0x01cd4a4abf739943 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 309b53f6-b63e-11e1-8758-00252206585a Error - 14.06.2012 12:30:57 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x61e59903 ID des fehlerhaften Prozesses: 0x1b10 Startzeit der fehlerhaften Anwendung: 0x01cd4a4aff18d38b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 50f8d215-b63e-11e1-8758-00252206585a Error - 14.06.2012 16:54:19 | Computer Name = 
Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x61cc9903 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cd4a6fc2065d8d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 1bf546c7-b663-11e1-8758-00252206585a [ System Events ] Error - 13.06.2012 18:35:40 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 14.06.2012 03:57:28 | Computer Name = Uwesein-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 14.06.2012 03:58:16 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 14.06.2012 03:58:18 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 14.06.2012 03:58:18 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 14.06.2012 03:58:34 | Computer Name = Uwesein-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2 Error - 14.06.2012 04:40:35 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 14.06.2012 16:27:13 | Computer Name = Uwesein-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden. 
Error - 14.06.2012 16:27:14 | Computer Name = Uwesein-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden. Error - 14.06.2012 16:27:15 | Computer Name = Uwesein-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR7 gefunden. < End of report >
__________________ With regards, Uwe |
16.06.2012, 05:23 | #2 |
/// Helper Team | Firefox is causing problems, malware suspected Hello and welcome!
Before we start working together, [please read completely]: Quote:
Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Did you deliberately set this IP as the proxy? Code:
ATTFilter IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.225.68.125:8181
If you have not installed a proxy server locally, remove the proxy settings from the Internet options in Internet Explorer: Tools => Internet Options => Connections => LAN settings, and clear the check marks for "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
2. Quote:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deES476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2011.07.26 19:19:58 | 000,002,333 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\vt4hwcmr.default\searchplugins\askcom.xml
[2012.02.17 00:16:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 00:01:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:16:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:16:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:16:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.11 16:42:21 | 000,024,064 | ---- | M] () - H:\Autorización General.doc -- [ NTFS ]
O32 - AutoRun File - [2012.03.11 16:42:21 | 000,024,064 | ---- | M] () - K:\Autorización General.doc -- [ NTFS ]
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Download Malwarebytes Anti-Malware → from here
4. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
5. Run another scan with OTL:
Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc. Regards, kira
__________________ |
16.06.2012, 12:48 | #3 |
Firefox is causing problems, malware suspected Hello Kira,
thank you for your help. 1. During a heated discussion about data retention, I experimented with using proxies. The proxy's IP was still entered in IE but was inactive. I have now removed it completely. 2. Log from the OTL fix Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\vt4hwcmr.default\searchplugins\askcom.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! H:\Autorización General.doc moved successfully. K:\Autorización General.doc moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. 
C:\Users\Uwe\Desktop\cmd.bat deleted successfully. C:\Users\Uwe\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NeroMediaHomeUser.4 ->Temp folder emptied: 7192 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Public User: Uwe ->Temp folder emptied: 3434136445 bytes ->Temporary Internet Files folder emptied: 9576049 bytes ->FireFox cache emptied: 385175874 bytes ->Flash cache emptied: 5007 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1531904 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2297966406 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes RecycleBin emptied: 186265 bytes Total Files Cleaned = 5.845,00 mb OTL by OldTimer - Version 3.2.48.0 log created on 06162012_123027 Files\Folders moved on Reboot... C:\Users\Uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Uwe :: UWESEIN-PC [Administrator] 16.06.2012 12:37:29 mbam-log-2012-06-16 (12-37-29).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 378371 Laufzeit: 57 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ACID Music Studio 8.0 Sony 07.03.2012 227MB 8.0.178
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 10.06.2012 6,00MB 11.3.300.257
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.06.2012 6,00MB 11.3.300.257
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 13.06.2012 26,3MB 8.0.873.0
CCleaner Piriform 22.05.2012 3.19
Compatibility Pack for the 2007 Office system Microsoft Corporation 12.05.2012 112,8MB 12.0.6612.1000
Defraggler Piriform 24.05.2012 2.10
DesignCAD 20 IMSIDesign 07.03.2012 162,9MB 20.0.0
Duden-Rechtschreibprüfung Bibliographisches Institut GmbH 07.03.2012 585MB 8.031.31
DVD Architect Studio 5.0 Sony 07.03.2012 192,7MB 5.0.128
EVEREST Ultimate Edition v5.30 Lavalys, Inc. 07.03.2012 5.30
FileHippo.com Update Checker 07.03.2012
FileZilla Client 3.5.3 FileZilla Project 07.03.2012 16,6MB 3.5.3
Free DVD Video Converter version 2.0.2.221 DVDVideoSoft Ltd. 15.03.2012 85,5MB 2.0.2.221
Free YouTube to MP3 Converter version 3.10.17.221 DVDVideoSoft Ltd. 07.03.2012 71,5MB 3.10.17.221
Google Toolbar for Internet Explorer Google Inc. 22.03.2012 7.3.2710.138
HiJackThis Trend Micro 04.04.2012 0,36MB 1.0.0
HijackThis 2.0.2 TrendMicro 31.03.2012 2.0.2
IrfanView (remove only) Irfan Skiljan 07.03.2012 1,50MB 4.32
Kaspersky Internet Security 2012 Kaspersky Lab 07.03.2012 12.0.0.374
Lexmark 1200 Series Lexmark International, Inc. 07.03.2012
Macromedia Dreamweaver 8 Macromedia 07.03.2012 167,9MB 8.0.0.2751
Macromedia Extension Manager Ihr Firmenname 07.03.2012 4,90MB 1.7.270
Macromedia Fireworks 8 Macromedia 07.03.2012 141,3MB 8.0.0.777
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 11.04.2012 18,0MB 1.61.0.1400
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 07.03.2012 38,8MB 4.0.30319
Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 0,50MB 2.0.4024.1
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 07.03.2012 613MB 10.0.6626.0
Microsoft Silverlight Microsoft Corporation 11.05.2012 60,4MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 27.03.2012 1,70MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.03.2012 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.03.2012 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 07.03.2012 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.03.2012 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 07.03.2012 15,2MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 07.03.2012 15,0MB 10.0.40219
MozBackup 1.4.9 Pavel Cvrcek 07.03.2012
Mozilla Firefox 10.0.5 (x86 de) Mozilla 04.06.2012 35,2MB 10.0.5
Mozilla Thunderbird 13.0.1 (x86 de) Mozilla 14.06.2012 39,2MB 13.0.1
MS-Buchhalter Start 3.0 Michael Schroeder 07.03.2012 3.0
NAVIGON Fresh 3.4.1 NAVIGON 07.03.2012 3.4.1
Nero 11 Nero AG 07.03.2012 2.550MB 11.0.15800
Nero Backup Drivers Nero AG 07.03.2012 94,00KB 1.0.10000.1.0
Nero MediaHome 4 Nero AG 07.03.2012
Nero Prerequisite Installer 1.0 Nero AG 16.03.2012 1,00MB 11.0.11500
OpenAL 07.03.2012
PDF Suite 2010 Interactive Brands Inc. 07.03.2012 60,4MB 9.0.50
Secunia PSI (2.0.0.4003) Secunia 07.03.2012 3,47MB 2.0.0.4003
Skype™ 5.10 Skype Technologies S.A. 14.06.2012 19,3MB 5.10.114
SUPERAntiSpyware SUPERAntiSpyware.com 20.05.2012 114,4MB 5.0.1150
TeamViewer 7 TeamViewer 07.03.2012 7.0.12799
Theatron Agrippa 07.03.2012
TrueCrypt TrueCrypt Foundation 29.05.2012 7.1a
USB PC Camera VC305 Vimicro Corporation 07.04.2012 1.45.060824
Vegas Movie Studio HD Platinum 10.0 Sony 07.03.2012 282MB 10.0.179
Windows Live Essentials Microsoft Corporation 28.03.2012 15.4.3555.0308
WinRAR 4.20 (64-bit) win.rar GmbH 14.06.2012 4.20.0
WinZip 15.0 WinZip Computing, S.L. 07.03.2012 36,5MB 15.0.9411
OTL Logfile:
Code:
OTL logfile created on: 16.06.2012 13:38:06 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Uwe\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,32% Memory free
7,99 Gb Paging File | 5,83 Gb Available in Paging File | 72,93% Paging File free
Paging file location(s): h:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 81,23 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 461,56 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive G: | 111,76 Gb Total Space | 23,54 Gb Free Space | 21,06% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 412,41 Gb Free Space | 88,55% Space Free | Partition Type: NTFS
Drive I: | 463,87 Gb Total Space | 357,96 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive J: | 463,87 Gb Total Space | 443,80 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
Drive K: | 463,87 Gb Total Space | 463,77 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive L: | 471,41 Gb Total Space | 206,13 Gb Free Space | 43,73% Space Free | Partition Type: NTFS
Computer Name: UWESEIN-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 23:04:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe PRC - [2012.06.09 12:12:02 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe PRC - [2012.06.05 22:16:29 | 000,924,640 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.12.23 18:26:44 | 000,347,792 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011.07.01 11:27:00 | 010,200,240 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe PRC - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2010.08.04 23:19:14 | 000,799,552 | ---- | M] (Interactive Brands Inc.) 
-- C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe PRC - [2010.03.08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe PRC - [2009.09.24 11:11:36 | 000,200,704 | R--- | M] () -- C:\Windows\SysWOW64\HsMgr.exe PRC - [2009.04.27 16:20:46 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe PRC - [2009.04.27 16:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe PRC - [2007.01.05 13:37:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM305_STI.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.14 10:00:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 10:00:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.09 12:12:01 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll MOD - [2012.06.05 22:16:29 | 001,911,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.13 12:33:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.13 12:33:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.13 12:33:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.13 12:33:16 | 007,967,232 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.13 12:33:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.10.05 11:32:28 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\MBControls.dll MOD - [2011.04.25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011.04.25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011.04.25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011.04.25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011.04.25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011.04.25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011.04.20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:57:46 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll MOD - [2009.09.24 11:11:36 | 000,200,704 | R--- | M] () -- C:\Windows\SysWOW64\HsMgr.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External 
Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.04.19 16:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device) SRV - [2012.06.11 12:25:54 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2011.04.25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 2012\avp.exe -- (AVP) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.04 23:19:14 | 000,799,552 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe -- (PDF Suite 2010 Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.08 10:38:42 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.30 22:32:32 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.08 21:04:51 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.13 19:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011.12.12 22:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.12.12 22:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.07.13 14:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.07.13 14:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | 
---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.09.24 11:12:28 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2007.03.08 13:03:58 | 001,541,120 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbVM305.sys -- (ZSMC0305) DRV:64bit: - [2007.02.02 14:47:18 | 000,300,800 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vvftav.sys -- (vvftav) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 12 AE CF AE 4B CD 
01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deES476 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google.de" FF - prefs.js..browser.search.defaultenginename: "Google.de" FF - prefs.js..browser.search.order.1: "Google.de" FF - prefs.js..browser.search.order.2: "Google" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rlz=1R0GGLL_de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {c666c018-6409-4479-afa3-68e4129e7eff}:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: FFPDFConverter@ib.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://www.google.de/search?q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.05.03 15:03:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.03 15:03:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.05.03 15:03:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFConverter@ib.com: C:\Program Files (x86)\PDF Suite 2010\firefoxextension [2012.03.08 23:02:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.05 22:16:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.24 18:21:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.08 20:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Extensions [2012.06.15 22:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\hcyaqkhq.Testprofil\extensions [2012.06.15 14:00:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\hcyaqkhq.Testprofil\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} 
[2012.06.15 13:55:14 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\hcyaqkhq.Testprofil\extensions\firefox@ghostery.com [2012.06.14 18:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions [2012.04.08 00:27:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.03.08 21:38:05 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2012.05.18 11:38:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.03.08 21:38:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.14 23:22:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Uwe\AppData\Roaming\mozilla\Firefox\Profiles\vt4hwcmr.default\extensions\firefox@ghostery.com [2011.09.21 22:48:14 | 000,001,708 | ---- | M] () -- C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\vt4hwcmr.default\searchplugins\es-fcil-verbos-espaoles.xml [2012.03.08 20:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.08 23:02:00 | 000,000,000 | ---D | M] (PDF Suite Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF SUITE 2010\FIREFOXEXTENSION [2011.11.02 14:38:26 | 000,007,532 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI [2012.03.01 16:59:24 | 000,033,619 | ---- | M] () (No name found) -- 
C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI [2012.06.12 22:53:01 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.06.05 22:16:37 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI [2012.03.20 15:24:07 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.24 12:50:42 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI [2011.10.18 13:38:40 | 000,174,405 | ---- | M] () (No name found) -- C:\USERS\UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VT4HWCMR.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI [2012.06.05 22:16:29 | 000,134,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.17 00:16:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files (x86)\PDF Suite 2010\PDFIEHelper.dll (Interactive Brands Inc.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files (x86)\PDF Suite 2010\PDFIEPlugin.dll (Interactive Brands Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Cmaudio8768GX] C:\Windows\syswow64\HsMgr.exe () O4:64bit: - HKLM..\Run: [Cmaudio8768GX64] C:\Windows\system\HsMgr64.exe () O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) 
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC37A775-B021-4B1D-9B36-3B956399D880}: DhcpNameServer = 80.58.61.250 80.58.61.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.16 12:30:27 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.16 12:21:24 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8DBCFD54-2D02-4BFB-A97D-820A15E2075D} [2012.06.15 23:26:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.15 13:37:31 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.06.15 13:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.06.15 13:17:22 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4D1A6B40-8399-4EA0-98A5-527721D23B76} [2012.06.14 23:50:21 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{406FC890-4C5D-4F46-B3D7-A3EADDAEFFBF} [2012.06.14 23:04:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe [2012.06.14 11:49:57 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{3E78D47E-D9CB-4BBA-ACA2-ECE2358CE516} [2012.06.14 11:49:46 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{86A7DD94-3ED0-4935-B20C-60D59E70CC26} [2012.06.14 00:28:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 00:28:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 00:28:16 | 000,073,216 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 00:28:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 00:28:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 00:28:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 00:28:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.14 00:28:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.14 00:28:13 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.14 00:28:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.14 00:28:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.14 00:28:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 00:28:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 00:27:48 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.14 00:27:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.13 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{23F31114-A9AA-478F-B859-F0651C8CE4D4} [2012.06.13 23:49:01 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{08530354-52EB-478E-B734-ABC52C6DFF5F} [2012.06.13 11:53:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 11:53:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 11:53:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 11:53:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 
11:53:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 11:53:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 11:53:18 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 11:53:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 11:53:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.13 11:48:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4D0B9842-01B5-445E-91D8-6AD89584C993} [2012.06.13 11:48:37 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{CD76F96E-9F1C-4450-A4BB-DEAB07D201BE} [2012.06.12 12:17:30 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{BAA207AA-18FC-490E-8104-8ACDCB97DF36} [2012.06.12 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{F5D6B93B-8843-4240-96F7-4EA9FACC7DBB} [2012.06.11 12:19:50 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{E7930114-0DFF-47A9-8CFE-7A77ADAE4D15} [2012.06.11 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{17FF7C19-F40F-47DA-8442-3C2EA870B458} [2012.06.10 12:18:36 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{01537576-B0CE-4F53-9E5F-3D0D9C5519F6} [2012.06.10 12:18:19 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{C597DB50-028A-4C55-9B02-566C775ED488} [2012.06.09 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Macromedia [2012.06.09 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{0D82F97B-7E01-4C3D-A86E-D6D4844125F1} [2012.06.09 12:11:40 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{42C6AAB9-9D64-4DBE-B88F-37315E0F725E} [2012.06.08 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8857EE90-F9DB-4CAC-88B7-B4AC43F3ACE6} [2012.06.08 11:14:24 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{B4E0F331-58D8-43BD-BB30-80B690335C7F} 
[2012.06.08 11:14:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{65975ED1-C1E2-4863-B06C-D9294A4791EE} [2012.06.07 23:13:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{EDF5357C-95ED-465C-84A8-8B9AE4EA4BE0} [2012.06.07 11:13:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9B9AD720-A6BD-4A6C-9D95-D39235636A6E} [2012.06.07 11:13:02 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{BB8D7582-995B-4A59-B271-D4EDC7F70E5F} [2012.06.06 21:50:16 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A90DB73E-954E-458B-A692-E3A0F3E38508} [2012.06.06 21:50:04 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7DC339BD-0E00-439A-8551-B73BAC28AB80} [2012.06.06 09:49:40 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4D276867-40BB-44B5-9B4A-ED2E022A92F9} [2012.06.06 09:49:28 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4DEEE0E2-F253-433E-A308-E889FB2A987C} [2012.06.05 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{E347CED8-1EFA-47FD-9F1A-CA6ED2FF6E00} [2012.06.05 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{D894CE7A-6263-40FC-A315-60D45978659A} [2012.06.04 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{5E8B2774-1AF0-4CD6-BBF9-1C0103170000} [2012.06.04 13:11:05 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A248590B-FAE7-4FD1-AC60-25C480CECB3D} [2012.06.03 12:12:55 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9FAF76CE-4BD3-472E-A38B-63AACD3874C8} [2012.06.03 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8CC12D50-8AA7-42AD-AA0A-FEDB4AFD55F2} [2012.06.02 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{175E944F-9998-4841-B172-159F53D6DF02} [2012.06.02 12:16:34 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{88E4EC9E-55C8-4115-A293-418124930BA7} [2012.06.01 12:14:21 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{55BB213E-75E4-455C-8042-2CB0063C59C9} [2012.06.01 12:14:10 | 
000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{3B2311DF-2F9A-4FE5-8A09-ADEA31F5CC12} [2012.05.31 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{F2AB7E07-0A97-4FF5-9458-D2D9B5C0898B} [2012.05.31 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{1DB292CD-DC0E-4398-BA77-531783999748} [2012.05.31 00:15:29 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7B1E8537-8510-4B1D-B3AD-00B8AA080A13} [2012.05.31 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A8CCAA14-969D-43A3-B41C-3FEDDFAEC571} [2012.05.30 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\TrueCrypt [2012.05.30 22:32:32 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.05.30 22:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2012.05.30 22:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2012.05.30 12:15:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{FD31B5E2-C99E-44E4-B704-0720AF06F150} [2012.05.30 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{CB8C1DA5-7B43-424E-9FEE-B058165C91E1} [2012.05.30 00:06:18 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{6663366B-42BE-4082-A591-F278682CE7C7} [2012.05.30 00:06:03 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{C28535D9-76C5-4BFF-AE14-633B3DEF68E8} [2012.05.29 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{8CAF28A1-50D4-4C2C-9050-C67BF0EE4AC6} [2012.05.29 12:05:35 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{45A17EB6-19A4-47D7-8BC7-63023D158AF9} [2012.05.28 12:31:28 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{923C6588-8827-407F-A97C-10D79FD846A5} [2012.05.28 12:31:13 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{1B8AFD07-9F36-441B-B263-BF00947CA06C} [2012.05.27 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{65D03188-929F-49FA-A199-DE4EB7F79618} 
[2012.05.27 12:24:20 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{26A04B67-E95C-4360-B9E4-E7F551F9C6AB} [2012.05.26 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{37A46D26-4CF2-4563-95BA-5D5627DF39D1} [2012.05.26 12:24:53 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{71254047-5AFB-4369-8C09-2A2763451496} [2012.05.25 12:41:00 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{547FA520-826C-47AC-AC04-BADBECAF8BAA} [2012.05.25 12:40:49 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{7C2FCAD4-482F-43DE-BED9-A9C5DF0F2C30} [2012.05.24 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Thunderbird [2012.05.24 18:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.05.24 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{074CC885-6827-478B-B0BD-D0983DF74D68} [2012.05.24 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{93D0D493-81A8-48FC-8F96-8AA3729514A0} [2012.05.23 12:38:07 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{ABA1D10D-5FEE-42B2-8EF9-0BB550170DA7} [2012.05.23 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{804B10D6-F5A1-4EBC-A746-8B59A99E3F27} [2012.05.22 12:27:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.05.22 12:26:37 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{EAD37A08-B12E-4A12-9EEE-5F0CAC738230} [2012.05.22 12:26:26 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{D0504D5A-255E-450C-8AF9-563DD07C34B8} [2012.05.21 15:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.21 15:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.21 15:00:21 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{241D7A01-328E-4953-AA16-82F83B7B7C22} [2012.05.21 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{A819F99E-1AE8-49E5-B920-208DDCBFE782} [2012.05.20 12:28:35 | 000,000,000 | 
---D | C] -- C:\Users\Uwe\AppData\Local\{9C268E40-8F93-455F-B333-297086905782} [2012.05.20 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{C2D13A6E-9568-4CFA-B0FD-9538734D8D6A} [2012.05.19 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{4FAC0DD9-8F88-4277-BFBE-F35C7E0B91CD} [2012.05.19 12:30:57 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{FBB08FA1-1ADA-4F52-A4C3-1FB1A02AF223} [2012.05.18 23:38:34 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{218FC2B2-A21F-4700-A4A9-0337CCE59FF8} [2012.05.18 23:38:12 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{9C823DF8-B28C-4DCB-8C4D-044215788969} [2012.05.18 11:37:59 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{2913348B-CA92-4C8F-876C-5A5C100C39BD} [2012.05.18 11:37:44 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\{D5E854C4-8AE5-402E-BC16-643DCD9C937B} ========== Files - Modified Within 30 Days ========== [2012.06.16 13:20:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.16 12:55:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.16 12:55:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.16 12:39:51 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 12:39:51 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 12:37:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.16 12:37:31 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.16 12:37:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.16 12:37:31 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.16 12:37:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat 
[2012.06.16 12:32:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.16 12:32:20 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys [2012.06.16 12:28:52 | 000,000,000 | ---- | M] () -- C:\Users\Uwe\defogger_reenable [2012.06.14 23:04:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe [2012.06.14 23:02:36 | 000,050,477 | ---- | M] () -- C:\Users\Uwe\Desktop\Defogger.exe [2012.06.14 09:57:50 | 000,309,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.11 12:25:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.11 12:25:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.30 22:32:32 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys [2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\jscript.dll [2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2012.06.16 12:28:52 | 000,000,000 | ---- | C] () -- C:\Users\Uwe\defogger_reenable [2012.06.14 23:02:35 | 000,050,477 | ---- | C] () -- C:\Users\Uwe\Desktop\Defogger.exe [2012.05.24 18:21:15 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.08 23:34:13 | 000,122,880 | ---- | C] () -- C:\Windows\rm305.exe [2012.03.08 23:34:13 | 000,000,900 | ---- | C] () -- C:\Windows\rm305.ini [2012.03.08 22:07:15 | 000,000,165 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.03.08 22:07:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2012.03.08 22:07:03 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2012.03.08 22:07:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2012.03.08 22:07:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2012.03.08 22:07:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2012.03.08 22:07:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2012.03.08 22:07:03 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe [2012.03.08 22:07:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2012.03.08 22:07:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2012.03.08 22:07:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2012.03.08 22:07:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2012.03.08 22:07:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe [2012.03.08 22:07:03 | 000,381,872 | ---- | C] ( ) 
-- C:\Windows\SysWow64\lxczcfg.exe [2012.03.08 22:07:03 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2012.03.08 22:07:03 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe [2012.03.08 22:07:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2012.03.08 22:07:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll [2012.03.08 21:23:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.08 21:05:57 | 000,017,408 | ---- | C] () -- C:\Users\Uwe\AppData\Local\WebpageIcons.db [2012.03.08 20:47:51 | 000,200,704 | R--- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.03.08 20:47:51 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2012.03.08 20:47:48 | 000,000,353 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2012.03.08 20:47:42 | 000,003,518 | R--- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2012.03.08 20:47:42 | 000,000,538 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2012.03.08 20:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.03.08 21:48:58 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Duden [2012.03.16 17:45:54 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DVDVideoSoft [2012.03.08 23:24:47 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.08 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\FileZilla [2012.03.08 22:24:00 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\GetRightToGo [2012.03.16 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\HandBrake [2012.03.08 22:02:36 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\IrfanView [2012.03.08 22:33:40 | 000,000,000 
| ---D | M] -- C:\Users\Uwe\AppData\Roaming\MS-Buchhalter
[2012.03.08 23:13:40 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\NetMedia Providers
[2012.03.10 17:46:31 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\PDF Software
[2012.03.08 23:13:40 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Publish Providers
[2012.03.08 23:16:35 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Sony
[2012.03.08 23:17:01 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Sony Creative Software Inc
[2012.05.24 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\Thunderbird
[2012.05.30 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Uwe\AppData\Roaming\TrueCrypt
[2012.05.30 12:14:18 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 16.06.2012 13:38:06 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Uwe\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,32% Memory free
7,99 Gb Paging File | 5,83 Gb Available in Paging File | 72,93% Paging File free
Paging file location(s): h:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 81,23 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 461,56 Gb Free Space | 99,12% Space Free | Partition Type: NTFS
Drive G: | 111,76 Gb Total Space | 23,54 Gb Free Space | 21,06% Space Free | Partition Type: FAT32
Drive H: | 465,76 Gb Total Space | 412,41 Gb Free Space | 88,55% Space Free | Partition Type: NTFS
Drive I: | 463,87 Gb Total Space | 357,96 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive J: | 463,87 Gb Total Space | 443,80 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
Drive K: | 463,87 Gb Total Space | 463,77 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive L: | 471,41 Gb Total Space | 206,13 Gb Free Space | 43,73% Space Free | Partition Type: NTFS

Computer Name: UWESEIN-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0735FD7A-E73E-4AF7-9C85-D28BB0BB5D10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0762B52B-BF7A-4E40-A7C0-C5828D05C95D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{15100D43-A70A-4ED4-B45B-9F2178447859}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19880DE7-005D-4A48-85D5-C3A986B842D7}" = lport=2177 | 
protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1FA6A3A2-367A-4DE4-9249-6C17A1004BC6}" = rport=139 | protocol=6 | dir=out | app=system | "{2054430A-7D05-4B38-96F0-BE1030858AB8}" = rport=138 | protocol=17 | dir=out | app=system | "{2816CAFF-DB87-4D1C-AAAE-BB3D051B5AF2}" = lport=137 | protocol=17 | dir=in | app=system | "{32233981-58CC-4C79-A8C6-797A31F7537D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3B7F4212-8636-4A39-BE92-ED1BB812ACAD}" = lport=2869 | protocol=6 | dir=in | app=system | "{547E82D4-0BFA-4E9F-9AEF-D099D94A38FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{697E008A-AB59-4645-AC19-2BC6DAE2A21D}" = lport=445 | protocol=6 | dir=in | app=system | "{7447CE14-F240-47AE-80FF-C16F7E3124D1}" = rport=137 | protocol=17 | dir=out | app=system | "{96112D4D-FCF0-4135-978F-D20168DC2041}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99C5A373-1D1D-416C-B61F-462E2D73923E}" = lport=10243 | protocol=6 | dir=in | app=system | "{9C725D5E-3D65-405B-9FB9-A7D9F02AE3FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B37D2B40-A6F8-4BB9-99BB-8C08E8CB9249}" = rport=445 | protocol=6 | dir=out | app=system | "{B561D60C-5B1F-43D6-9AFA-EA4006573F4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BCC6A485-FF3B-42F0-99CA-953A5594F7AC}" = lport=139 | protocol=6 | dir=in | app=system | "{C49E2EEE-D2D6-4777-805E-0DADCBEF375B}" = lport=138 | protocol=17 | dir=in | app=system | "{C83A30A8-AC54-4766-86AC-4673BAA4FCC0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9519961-AA5A-4480-81D0-C21D89E82948}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DCE7865B-8937-4261-82FC-25AC4D9D2CDC}" = rport=10243 | protocol=6 | dir=out | 
app=system | "{E823FF85-878B-4FC8-858D-6C5F06476FFE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{051E464C-5341-485A-ABB8-4F3CE0060519}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B158D3D-7D90-4C9D-9780-1D648B1DFF4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{22CEDE06-58C4-4F40-B909-41DE2FD5A5A3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{2DDA6B42-06B5-4C68-A0D4-BCDCD2CFF22B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3FABFCC4-C5DA-428F-8A92-BAA98857E611}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{41FC3F8F-51B9-43B1-A27D-062FEC29FF4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4D28B40A-0E99-4E29-9A44-DED9A3CB5F20}" = protocol=6 | dir=out | app=system | "{5622CD2B-A849-4335-8074-B3E60CA79E8D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60145433-AB59-41A5-BB63-A318391990F4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6142164E-B4E4-4172-8F61-98A39105C3A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{64320D1E-0FFB-45FD-A5D5-6DB1D703BC9A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{64B66718-C837-488A-9412-BBE64DA4EB7A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{6688D856-46BA-41FE-8DA6-F00EF9359909}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{681DD46E-23D1-4104-AA8D-9C4908E2FB1B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{68F91DA5-042C-4612-B4BD-002CC268A123}" = protocol=6 | 
dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{6F51C476-5176-4A43-9ECA-57C95D3C33CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{72294A48-8299-4FA3-AB1E-F36EF732D330}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{74E8A23C-94CE-411B-ABBC-5E9CD89C200B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8713D04A-4E0E-42BD-A9AE-B693F7A26030}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{9C27DA03-9307-46FF-9B35-9CF50FC7202C}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | "{BE71047C-062F-4429-9447-7070F26BEA14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C74BCE0B-686D-4CA2-93B2-EF9D7C8BB6FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC54E51B-50FB-4FAF-AD88-FEB147BA975D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CDD89D84-64AE-43A9-A70E-E2BE55A41459}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E145ECD0-BF54-4996-9B41-53CE3FD67101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E29C5CA2-0C99-4F95-A5E0-03F9E350116F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E4490262-809B-44BE-A069-926FF6083927}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F07BCD93-D488-42F5-A923-08D441577352}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F3F87603-1D48-4AA0-A873-D368BE4872EB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{F69C7CCB-4CE4-412B-8FEF-0E64092A5CE2}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{FB6A073C-A683-41A7-8E8F-B245D5E0D893}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{FC69604E-2592-4A48-A1D7-2F7B16166E97}" 
= dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FD9E5D01-4803-4A63-8668-0B8BC2104548}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{FFE699CA-ECD3-45AC-8022-3BC648C79063}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{251481E4-723F-492F-F5C1-3424FB2EF44E}" = AMD Drag and Drop Transcoding "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "C-Media PCI Audio Driver" = Theatron Agrippa "Defraggler" = Defraggler "Lexmark 1200 Series" = Lexmark 1200 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0 "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = 
nero.prerequisites.msi "{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{31832C70-2FA4-4C99-BA99-94A5EF7A1184}" = PDF Suite 2010 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8 
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8 "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience) "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5870DF31-7BF8-4635-B708-7695CBCD5D48}" = DesignCAD 20 "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71c64b8b-67a6-4d9a-8f60-56a148bf46ee}" = Nero MediaHome 4 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0305}" = USB PC Camera VC305 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{E97C937C-AE21-453D-86A0-A231507543D1}" = ACID Music Studio 8.0 "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla Client 3.5.3 "Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.2.221 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "HijackThis" = HijackThis 2.0.2 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox 10.0.5 (x86 de)" = Mozilla Firefox 10.0.5 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MS-Buchhalter Start" = MS-Buchhalter Start 3.0 "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "OpenAL" = OpenAL "Secunia PSI" = Secunia PSI (2.0.0.4003) "TeamViewer 7" = TeamViewer 7 "TrueCrypt" = TrueCrypt "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.06.2012 04:14:35 | Computer Name = Uwesein-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 14.06.2012 
04:23:34 | Computer Name = Uwesein-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 14.06.2012 04:25:06 | Computer Name = Uwesein-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.06.2012 08:27:04 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x61e59903 ID des fehlerhaften Prozesses: 0x3b8 Startzeit der fehlerhaften Anwendung: 0x01cd4a28e9fa1c0b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 3f6c241c-b61c-11e1-8758-00252206585a Error - 14.06.2012 12:30:02 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x633e2fe6 ID des fehlerhaften Prozesses: 0x16e4 Startzeit der fehlerhaften Anwendung: 0x01cd4a4abf739943 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 309b53f6-b63e-11e1-8758-00252206585a Error - 14.06.2012 12:30:57 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x61e59903 ID des fehlerhaften Prozesses: 0x1b10 Startzeit der fehlerhaften Anwendung: 0x01cd4a4aff18d38b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 50f8d215-b63e-11e1-8758-00252206585a Error - 14.06.2012 16:54:19 | Computer Name = Uwesein-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.5.4534, Zeitstempel: 0x4fc84ad9 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x61cc9903 ID des fehlerhaften Prozesses: 0xc60 Startzeit der fehlerhaften Anwendung: 0x01cd4a6fc2065d8d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 1bf546c7-b663-11e1-8758-00252206585a Error - 14.06.2012 17:56:55 | Computer Name = Uwesein-PC | Source = Application Hang | ID = 1002 Description = Programm msnmsgr.exe, Version 15.4.3555.308 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e08 Startzeit: 01cd4a03724c24c4 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Berichts-ID: d032b0e6-b66b-11e1-8758-00252206585a Error - 15.06.2012 11:16:03 | Computer Name = Uwesein-PC | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 15.06.2012 11:16:22 | Computer Name = Uwesein-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 15.06.2012 17:43:22 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 16.06.2012 06:20:40 | Computer Name = Uwesein-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error - 16.06.2012 06:21:16 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 16.06.2012 06:21:39 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 16.06.2012 06:21:45 | Computer Name = Uwesein-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2 Error - 16.06.2012 06:29:37 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = Error - 16.06.2012 06:30:27 | Computer Name = Uwesein-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.06.2012 06:32:19 | Computer Name = Uwesein-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.06.2012 06:33:21 | Computer Name = Uwesein-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2 Error - 16.06.2012 06:33:25 | Computer Name = Uwesein-PC | Source = DCOM | ID = 10016 Description = < End of report >
So, I hope everything has been done to your satisfaction.
__________________ |
16.06.2012, 21:20 | #4 | |
/// Helper Team | Firefox is causing problems, malware suspected 1. Quote:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deES476
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.06.16 12:55:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.16 12:55:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. Tips (regardless of whether you use Internet Explorer or not!): -> Tips for Internet Explorer -> Changing Internet Explorer's default search engine -> How do I clear the cache in Internet Explorer? 3. Clean your system with CCleaner:
4.
5. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) - The AUTORUN function can also be switched off entirely. ►Instructions 6. -> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<< ► Report again on the state of the computer. Are problems still occurring, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
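The Autorun risk from step 5 of the post above, as an added example that is not part of the original thread: a Python check that reads the `autorun.inf` file in the root of a removable medium (the file Windows AutoRun evaluates; the thread does not name it) and lists the entries that would start a program. The sample file contents and the names `tools\update.exe`, `launch_entries` and `scan_roots` are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that start a program when the medium is
# opened or when one of its context-menu verbs is chosen.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample of an autorun.inf as an Autorun worm might leave it on a
# USB stick (not taken from the thread).
SAMPLE_USB = r"""
; constructed sample
[autorun]
icon=folder.ico
label=Backup
open=tools\update.exe /s
shell\open\command=tools\update.exe
shell\explore\command = "tools\update.exe" -e
"""

# Constructed sample that only sets an icon and a label: nothing is started.
SAMPLE_CLEAN = "[autorun]\nicon=drive.ico\nlabel=Photos\n"


def parse_autorun(text):
    """Return (key, value) pairs of the [autorun] section, skipping junk lines."""
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def first_token(value):
    """Return the program part of a command line, honouring double quotes."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def launch_entries(text):
    """List (key, program) for every entry that would start a program."""
    hits = []
    for key, value in parse_autorun(text):
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            hits.append((key, first_token(value)))
    return hits


def scan_roots(roots):
    """Check the root folder of each medium; return {root: launch entries}."""
    report = {}
    for root in roots:
        for name in os.listdir(root):
            # The file name is case-insensitive on Windows file systems.
            if name.lower() != "autorun.inf":
                continue
            path = os.path.join(root, name)
            if not os.path.isfile(path):
                continue
            with open(path, "r", encoding="latin-1") as fh:
                hits = launch_entries(fh.read())
            if hits:
                report[root] = hits
    return report


if __name__ == "__main__":
    for key, program in launch_entries(SAMPLE_USB):
        print(f"{key} -> {program}")
```

Installation media legitimately use the same keys, so a hit on a plain data stick is a reason to scan the referenced file, not a verdict by itself.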
17.06.2012, 11:42 | #5 |
Firefox is causing problems, malware suspected Hello Kira, 1. Log of the OTL fix: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Uwe\Desktop\cmd.bat deleted successfully. C:\Users\Uwe\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NeroMediaHomeUser.4 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Public User: Uwe ->Temp folder emptied: 311138 bytes ->Temporary Internet Files folder emptied: 1118323 bytes ->FireFox cache emptied: 145963104 bytes ->Flash cache emptied: 5200 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49632 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 197482 bytes Total Files Cleaned = 141,00 mb OTL by OldTimer - Version 3.2.48.0 log created on 06162012_223203 Files\Folders moved on Reboot... C:\Users\Uwe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
3. System cleaned with CCleaner. (Note: Perhaps you should add to your instructions that one should definitely use the registry backup in CCleaner, in case something goes wrong when cleaning the registry.) 4. Complete scan with SAS carried out. 4 tracking cookies found and removed. 5. I will switch off the Autorun functions, where this has not already been done. 6. Eset scan carried out, log below: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ada350315aaa08408f10743c372eae37 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-16 11:16:46 # local_time=2012-06-17 01:16:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 6567470 6567470 0 0 # compatibility_mode=1280 16777215 100 0 8652512 8652512 0 0 # compatibility_mode=5893 16776573 100 94 122059 91512256 0 0 # compatibility_mode=8192 67108863 100 0 145 145 0 0 # scanned=164116 # found=0 # cleaned=0 # scan_time=6200 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ada350315aaa08408f10743c372eae37 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-17 09:42:00 # local_time=2012-06-17 11:42:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 6604865 6604865 0 0 # compatibility_mode=1280 16777215 100 0 8689907 8689907 0 0 # compatibility_mode=5893 16776573 100 94 159454 91549651 0 0 # compatibility_mode=8192 67108863 100 0 37540 37540 0 0 # scanned=169723 # found=0 # cleaned=0 # scan_time=6319
1. After you reset IE to the original start page in the first OTL fix, you took its start page away entirely in the second fix. Was that planned? If so, why? (Setting the start page again (if necessary) is no problem for me.) 2. Did you find anything else harmful on my system, or were those all just "cosmetic changes"? Anything bad that could be related to the Firefox problem? 3. What do I do with Defogger now? Do I still have to click re-enable?
__________________ Con saludos Uwe |
17.06.2012, 19:37 | #6 | |||
/// Helper team | Firefox causing problems, malware suspected Quote:
Quote:
Quote:
yes ► report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ --> Firefox causing problems, malware suspected |
17.06.2012, 20:21 | #7 | |
Firefox causing problems, malware suspected Quote:
Regards, Uwe
__________________ Con saludos Uwe |
18.06.2012, 02:20 | #8 | ||
/// Helper team | Firefox causing problems, malware suspected
** Keep your system under observation for the time being!
1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
ATTFilter CCleaner
2. Tool cleanup with OTL. We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
3. Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This function takes up a great deal of disk space. By default, the disk space reserved for shadow copies is 15 % of the volume size, so that system performance is also affected. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed: So please do the following:
4. As a precaution, I would advise you to change your password (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password - (one should really change it at regular intervals, roughly every 3-5 months) also here under: Secure password (Password)
5. ► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!
Reading material no. 1: Give criminal acts no chance! Quote:
** Common sense and configuring Windows and internet software securely are the best way to security in web traffic!! Quote:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us→ Donation account regards kira
__________________ Warning!: Beware of invoices by email with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment, ask in our forum first! Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
18.06.2012, 12:32 | #9 |
Firefox causing problems, malware suspected
Hello Kira, I am currently working through your last post to find out what is new for me. In doing so I noticed one thing: shortly before the end you have a link: ->cleaning up dirty PCs
this link opens an error page on which only the table of contents can be seen, with the message that the requested page is no longer current.
------
Under point 5 you have a link: Focus: images and sounds Dangerous images, odd sounds/BSI
Error message-->the page you were looking for was not found
-----
Also here: Caution when using other people's computers and connectable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters do not take holidays!/bsi-fuer-buerger.de - also connect temporarily and have scanned (see under `free online virus scanners`)
the link leads nowhere
__________________ Con saludos Uwe Edited by Lloreter (18.06.2012 at 12:37) |
09.07.2012, 08:07 | #10 |
/// Helper team | Firefox causing problems, malware suspected thanks for the info! I should check that more often...
__________________ Warning!: Beware of invoices by email with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment, ask in our forum first! Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |