| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU/BKA Trojaner entfernt und jetzt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
03.07.2012, 19:03
| #1 |
| |  GVU/BKA Trojaner entfernt und jetzt? Hallo zusammen, auch ich hatte das Erlebnis, das mir angezeigt wurde, dass mein PC gesperrt ist und ich dies gegen 100€ entsperren kann. Nach trennen der Internetverbindung blieb nur noch das Hintergrundbild. Der Taskmanager war nicht aufrufbar. Ich schaltete den PC aus und beim Herunterfahren sah ich von F-Secure die Info: "Virus bereinigt". Verblieben ist die beigefügte Fehlermeldung nach dem Neustart. Nun 2 Fragen: 1. Was muss ich noch tun? 2. Kann ich mit dem PC online gehen? Ach so, aktuell läuft noch der Komplettscan von F-Secure. Vielen Dank vorab für Hilfe! Für eine Antwort sind wohl noch die OTL-Dateien wichtig - tschuldigung hier kommen sie: OTL-TXT Code:
ATTFilter OTL logfile created on: 03.07.2012 21:18:24 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\******\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,11% Memory free 6,49 Gb Paging File | 4,98 Gb Available in Paging File | 76,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 173,88 Gb Free Space | 57,23% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,27% Space Free | Partition Type: NTFS Drive E: | 149,92 Gb Total Space | 32,97 Gb Free Space | 21,99% Space Free | Partition Type: NTFS Drive F: | 983,48 Mb Total Space | 982,89 Mb Free Space | 99,94% Space Free | Partition Type: FAT Drive W: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,69% Space Free | Partition Type: NTFS Drive X: | 118,90 Gb Total Space | 118,55 Gb Free Space | 99,71% Space Free | Partition Type: NTFS Drive Y: | 147,10 Gb Total Space | 126,44 Gb Free Space | 85,96% Space Free | Partition Type: NTFS Drive Z: | 150,93 Gb Total Space | 43,62 Gb Free Space | 28,90% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Users\*****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\ComputerSecurity\Gadget\fsgadget.exe () PRC - C:\Programme\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Greenshot\Greenshot.exe () PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtGui4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCore4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtScript4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCLucene4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtNetwork4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtSql4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtHelp4.dll () MOD - C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtXml4.dll () MOD - C:\Programme\F-Secure\imageformats\qmng4.dll () MOD - C:\Programme\F-Secure\imageformats\qico4.dll () MOD - C:\Programme\F-Secure\imageformats\qgif4.dll () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\Gadget\fsgadget.exe () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\gres.dll () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng () MOD - C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Greenshot\Greenshot.exe () MOD - C:\Programme\Greenshot\GreenshotPlugin.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll () SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (fshoster) -- C:\Programme\F-Secure\fshoster32.exe (F-Secure Corporation) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FSMA) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Programme\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (FSORSPClient) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe (F-Secure Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\RpcAgentSrv.exe (SiSoftware) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (GPU-Z) -- C:\Users\Marc\AppData\Local\Temp\GPU-Z.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys () DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsccsys1338306419) -- C:\Windows\System32\drivers\fsccsys.sys (F-Secure Corporation) DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation) DRV - (fsvista) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys () DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\WNt500x86\sandra.sys (SiSoftware) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (878BDA) -- C:\Windows\System32\drivers\878BDA.sys (DVB-TV Provide) DRV - (RTCore32) -- C:\Programme\MSI Afterburner\RTCore32.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 24 C7 F6 B2 F6 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "GuildWiki (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.klamm.de/?id=16542" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Marc\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 18:13:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012.05.29 17:46:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:07:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.15 22:22:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:07:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.15 22:22:01 | 000,000,000 | ---D | M] [2011.05.01 09:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2011.05.01 09:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.05.27 14:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions [2012.05.18 18:02:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.05.27 14:07:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 18:55:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.31 19:29:29 | 000,002,283 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guild-wars-2-wiki-de.xml [2012.05.31 19:29:42 | 000,002,276 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guild-wars-2-wiki-en.xml [2011.05.14 20:30:17 | 000,000,655 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guildwiki-de.xml [2012.03.18 15:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.01 19:23:58 | 000,000,000 | ---D | M] (G Data CloudSecurity) -- C:\Programme\Mozilla Firefox\extensions\cloudsecurity@gdata.de [2011.12.18 18:13:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.09.19 13:06:36 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI [2012.01.22 01:00:08 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2011.09.09 19:57:02 | 000,089,388 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI [2012.05.23 19:31:58 | 000,003,808 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\GUTSCHEINELIVE@KLAMM.DE.XPI [2012.06.18 19:07:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.06 23:34:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.06.21 22:14:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.21 22:14:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.06.21 22:14:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.21 22:14:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.21 22:14:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.21 22:14:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.14 20:33:36 | 000,435,030 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14970 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Programme\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Programme\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [F-Secure Hoster] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC1484F-6C6F-4D87-BD8A-741005EFECB4}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.03 21:16:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.06.28 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Rechnungen **** [2012.06.28 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\FreePDF_XP [2012.06.28 19:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF [2012.06.28 19:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP [2012.06.28 19:41:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\FreePDF [2012.06.28 19:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [2012.06.28 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2012.06.24 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Steam-Games [2012.06.23 23:32:29 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.23 23:32:29 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.23 23:32:10 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.23 23:32:10 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.23 23:32:10 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.23 23:31:58 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.23 23:31:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.20 19:28:49 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Funcom [2012.06.14 18:06:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.06.14 18:06:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.06.14 18:06:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.06.14 18:06:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.06.14 18:06:57 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.06.14 18:06:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.06.14 18:06:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.06.14 18:06:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.06.14 17:39:18 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.06.14 17:39:15 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.06.14 17:39:14 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.06.14 17:39:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.06.14 17:36:13 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.03 21:17:16 | 000,701,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.03 21:17:16 | 000,657,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.03 21:17:16 | 000,150,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.03 21:17:16 | 000,123,338 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.03 21:16:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012.07.03 21:13:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000UA.job [2012.07.03 20:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.03 19:40:37 | 000,014,249 | ---- | M] () -- C:\Users\*****\Desktop\Fehlernachricht_2012-07-03_19-39-39.jpg [2012.07.03 19:19:19 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 19:19:19 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 19:12:04 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job [2012.07.03 19:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.03 19:11:57 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys [2012.07.03 19:07:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 18:53:00 | 000,001,879 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.01 16:23:53 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000Core.job [2012.07.01 10:26:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.27 19:42:00 | 000,084,569 | ---- | M] () -- C:\Users\*****\Desktop\Spielplan Bayer 04 (Saison 12_13).pdf [2012.06.23 23:54:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.23 23:54:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.06.19 18:59:45 | 000,021,501 | ---- | M] () -- C:\Users\*****\Desktop\PB_Überweisung_KtoNr*****_19-06-2012_1901.pdf [2012.06.14 18:15:17 | 000,418,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.09 14:06:10 | 000,005,744 | ---- | M] () -- C:\Users\*****\Desktop\Metallica shareonline.dlc [2012.06.06 19:42:10 | 000,109,060 | ---- | M] () -- C:\Users\*****\Desktop\GG S01-07 Netload.dlc ========== Files Created - No Company Name ========== [2012.07.03 19:40:35 | 000,014,249 | ---- | C] () -- C:\Users\*****\Desktop\Fehlernachricht_2012-07-03_19-39-39.jpg [2012.07.02 18:53:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 18:53:00 | 000,001,879 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.28 19:41:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.06.28 19:41:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.06.27 19:42:00 | 000,084,569 | ---- | C] () -- C:\Users\*****\Desktop\Spielplan Bayer 04 (Saison 12_13).pdf [2012.06.19 18:59:41 | 000,021,501 | ---- | C] () -- C:\Users\*****\Desktop\PB_Überweisung_KtoNr*****_19-06-2012_1901.pdf [2012.06.09 14:06:09 | 000,005,744 | ---- | C] () -- C:\Users\*****\Desktop\Metallica shareonline.dlc [2012.06.06 19:42:08 | 000,109,060 | ---- | C] () -- C:\Users\*****\Desktop\GG S01-07 Netload.dlc [2012.04.03 00:58:46 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2012.04.03 00:58:12 | 000,019,540 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.02.23 20:13:39 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2011.10.20 21:06:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll [2011.06.14 20:35:12 | 011,124,736 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Sandra.mdb [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2011.04.12 18:22:11 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2011.04.09 16:55:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.04.09 16:55:27 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.09 16:55:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.04.09 15:09:44 | 000,006,144 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.07 13:11:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FirmwareRecovery.exe [2011.01.04 14:17:12 | 000,237,637 | ---- | C] () -- C:\Windows\System32\nbt.exe [2010.12.21 04:15:18 | 000,231,936 | ---- | C] () -- C:\Windows\System32\3500_256.dll ========== LOP Check ========== [2012.01.01 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AAV [2012.02.11 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BigHugeEngine [2012.05.28 13:30:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2012.05.27 14:07:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.30 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\F-Secure [2011.12.21 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FOG Downloader [2012.06.28 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreePDF [2011.04.12 20:26:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Greenshot [2011.04.09 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView [2012.06.18 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mp3tag [2011.11.01 22:05:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MusicNet [2011.04.12 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ScanSoft [2011.05.01 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TomTom [2012.02.05 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client [2011.08.31 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay [2011.04.10 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Windows SideBar [2012.05.23 19:23:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.03 19:12:04 | 000,000,614 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.07.2012 21:18:24 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\*****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,11% Memory free
6,49 Gb Paging File | 4,98 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 173,88 Gb Free Space | 57,23% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 149,92 Gb Total Space | 32,97 Gb Free Space | 21,99% Space Free | Partition Type: NTFS
Drive F: | 983,48 Mb Total Space | 982,89 Mb Free Space | 99,94% Space Free | Partition Type: FAT
Drive W: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,69% Space Free | Partition Type: NTFS
Drive X: | 118,90 Gb Total Space | 118,55 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive Y: | 147,10 Gb Total Space | 126,44 Gb Free Space | 85,96% Space Free | Partition Type: NTFS
Drive Z: | 150,93 Gb Total Space | 43,62 Gb Free Space | 28,90% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052D8DAF-A9E0-4F0E-9C67-6469D3743B15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20A4A2C4-FBB0-4136-82AB-2DB39F30B127}" = lport=138 | protocol=17 | dir=in | app=system |
"{2212582E-328A-479E-9450-D723FF139E22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26B9DE57-D1D3-4C53-ADB3-A3CBC44A521B}" = lport=137 | protocol=17 | dir=in | app=system |
"{29EB2ADC-CB05-4190-AEE2-4CE37E1016BE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{31629EFC-B771-4F54-AF54-C51A60EE2DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{43BB1F20-3E47-4C41-971C-A85E8C031D9C}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B5C84CC-BF0A-4EED-84F5-C59E19172A73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5449D666-6E47-4144-AF6D-DB199F5A3461}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54588CE7-2E63-48A4-B659-4EE601F7D47D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{594FFC6E-48D5-40A6-90BF-16680490D3D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{709AFA73-876A-4625-A1CA-D784E4B78C09}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\rpcagentsrv.exe |
"{7519D887-A09B-4D0C-B027-FD8079784CC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{878D4CF5-1FD3-4483-8AF6-12E05A6805E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8FED5F42-D84F-42EC-8399-3BD79CF1934F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9398811C-1BFB-4042-A910-54C76F3B9812}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A45693B-2017-4992-BE91-DDEB1DEAF91B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9D27D436-B531-4994-8B78-4677F114C53F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5CA3F6F-00B2-4F10-90D4-D488DF7512AA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6209688-BB4C-4A9B-BB5A-4170EB14674F}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2A35086-833C-45F6-AC82-4B400C459827}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2D00193-41EA-4DE7-BB64-3896488F3A52}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE35575B-D149-4695-97EE-CEF36B62ED23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6580468-F523-4BBA-93C9-381D1012732A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D6FDFC32-9620-489A-BDFA-192DAA091D5C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\wnt500x86\rpcsandrasrv.exe |
"{D92B0153-EC0E-405C-8D06-AFE31E1BE923}" = lport=445 | protocol=6 | dir=in | app=system |
"{E038D917-10B4-4DC2-BAB0-AD41EB68A3A2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E138DAA6-9EE3-4FCF-9B9E-8D331641AF7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{E9A16012-9946-4E0E-8435-2B17A46CE638}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EBA9ED7C-E3CE-4A0E-B1B6-483D45C43EAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0076925-0E8A-4713-9066-46D18B52E7AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA0638AF-669E-455F-9EF8-DABB2FD7EF67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB02CB0D-9F71-421A-B552-086C9B906044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCF2116D-EAF0-4BB8-85BA-D4EAB377DDC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008BC234-D421-40E3-8593-F0F44E479D00}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{099D1800-D8E9-4F74-9655-FC2AE0990406}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{0A7E094E-A788-4E9E-942F-CE97BFDDDFB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C885578-52E3-4369-ACB2-03CC710ABF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BC4F4DB-FD8F-440C-A398-954914D078AF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1EB38191-15DC-4F06-9E6C-91A16B6AE96E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24DDAB58-174E-471E-8DF7-0DDE63DEA8D3}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{29F681CD-2D25-49F4-99D8-658F1307D879}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{383BA05E-51C0-450B-9346-F6146F902D62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4037A7F2-93B1-4F7D-AED1-950D85E44BAE}" = protocol=6 | dir=out | app=system |
"{4119BD91-9D95-44EE-AD82-ADC453713085}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{4EA1FE11-22A5-469B-A5D5-9140531C71D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F5384FF-7727-4067-9EB2-52E6A1417FFF}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\akamai\netsession_win.exe |
"{4F8A4606-95BE-4A33-A1A1-1BA00A707BAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{54CD5F05-7AEA-4D5D-BE2D-C2769E3DE4AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{553B3CC2-406F-4586-993E-202A7C31F750}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{5672BB14-F190-4E4B-87AD-621680F977CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5CCD7F1E-DFF0-4E88-BF97-8DF46480AC89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5D67D4C9-1093-46FC-A310-0B0C0A23C6CE}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe |
"{7457E795-508E-4C9C-A0F2-1FEB404EE14D}" = protocol=17 | dir=in | app=e:\nexon\vindictus eu\en-eu\nmservice.exe |
"{7831C6A9-C245-4278-8DB4-9A137C94FE29}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7A2FB4A4-873E-4D37-95C3-1C7EF5C110E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AFB0C55-411C-4BC0-B233-E2E3049601B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BC65021-C393-421F-BA59-BC27F4EAF321}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{7CC40214-D2DE-4BC0-9A17-C6DDF1324556}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{81D5DFD1-61F3-42E2-AA50-671CE31973BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82F5B1BA-A3C9-46C0-8F97-5FAC670B600F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83B42A84-A8BB-4ACC-BDD3-34C468FF43F0}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{8512AA19-D159-402E-AA00-DC90AEA8B790}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8A4EA5D5-2B98-40C3-BD26-FBA7C1F344DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EEAF345-455B-41D8-9AEA-D6A1D55FA1F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9049A188-9F60-4A6E-AFF7-85C32CB5DF55}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A337BA19-EA28-4DF9-857E-0BC814A879E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AEE30D7F-06D0-4ABF-8679-D5818A4EAB34}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B5A7418A-ED10-4CEF-AF03-7637E1B8C4B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C420C974-8052-46D4-AA1F-FF6F4174727F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C823640D-D8B3-4E79-89F0-46F17D96D8C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAC9F87C-5B50-47A3-8D62-E499BD4FB1B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D087B8DC-E3B4-42D8-BA06-E887EE0967A7}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe |
"{D12CFE81-C5F2-417F-B3B1-251B5E19834F}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\akamai\netsession_win.exe |
"{D1DBA12D-BB84-4136-8EED-2281B7284C75}" = protocol=6 | dir=in | app=e:\nexon\vindictus eu\en-eu\nmservice.exe |
"{D2AB96C1-84C9-41A3-91D4-DB3CD256DCD8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D63D416C-AC8F-40B2-B0A1-A73B4607C354}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1A37B4C-E013-4C20-B9DA-B76E54A00D4E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EA0FB6C5-FCF4-4182-B76A-AAEECD812F8C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EB1C60C1-62D7-4119-9816-418831A74150}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBA14601-CB03-4EBD-86D8-7FC82969DE9D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F11076D5-3DFA-4C73-8779-0EB78905B878}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F2BCE748-B05D-41EE-8501-48412CB12816}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe |
"{FA1D019F-0B6D-4AE4-B7C5-5159A02B6AF0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FA7EC063-7930-457F-B26A-E070C58F7455}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{1621182D-6C44-4898-85BC-3833E926A268}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{79D4E3B4-7DBC-4A98-BDFD-6AF1866170BC}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{1CA8B8B5-18E8-42C6-AD83-62A02FF131C7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DDE1BAF7-5D69-45E9-BBE5-61FA8890F937}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13B61614-9B6B-4A45-A62A-D3272D53192F}" = G Data CloudSecurity
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4441574D-727E-4DD3-AAFD-4E240EE3B588}" = CyberLink Holiday Pack Vol. 3
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-385C
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C5B3FD3-AD62-478C-96B1-C2BD14ACBEA6}" = F-Secure Network CCF 1.02.106
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.49.104.0 (release)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8376B00D-8A5D-4067-BC8E-904617D21113}" = F-Secure Launch pad
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE1D23A-F31E-59CF-A430-1193CD3FED82}" = Online Safety 1.49.32753.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AABB78C0-A435-486A-84E3-17E6684828C2}" = CyberLink PowerDirector 10 Content Pack II
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2c
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"1489-3350-5074-6281" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface
"Atlantica" = Atlantica
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.5.0
"FreePDF_XP" = FreePDF (Remove only)
"F-Secure ServiceEnabler" = F-Secure Launch pad
"GPL Ghostscript 9.04" = GPL Ghostscript
"Greenshot_is1" = Greenshot
"Guild Wars" = GUILD WARS
"InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{AABB78C0-A435-486A-84E3-17E6684828C2}" = CyberLink PowerDirector 10 Content Pack II
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"MySSID_is1" = Vtune 7.20
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Veetle TV" = Veetle TV
"Vindictus EU" = Vindictus
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.03.2012 14:11:47 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe"
für eine detaillierte Diagnose.
Error - 30.03.2012 14:14:13 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.03.2012 19:52:30 | Computer Name = Marc-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 01:52:30.383]: [00001964]: CUsbScnDev: DeviceIoControl
Illegal response
Error - 31.03.2012 20:06:17 | Computer Name = Marc-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/04/01 02:06:17.128]: [00002552]: lperrcode->api
= 3 , lperrcode->code = 995
Error - 01.04.2012 04:38:13 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 01.04.2012 04:38:13 | Computer Name = ***** | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe"
für eine detaillierte Diagnose.
Error - 01.04.2012 04:40:24 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.04.2012 21:29:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 01.04.2012 21:29:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe"
für eine detaillierte Diagnose.
Error - 01.04.2012 21:31:22 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 17.10.2011 09:17:10 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:17:09 - Fehler beim Herstellen der Internetverbindung. 15:17:10
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2011 09:18:04 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:17:17 - Fehler beim Herstellen der Internetverbindung. 15:17:17
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2011 10:18:41 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:18:41 - Fehler beim Herstellen der Internetverbindung. 16:18:41
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2011 10:19:19 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:19:11 - Fehler beim Herstellen der Internetverbindung. 16:19:11
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 28.11.2011 14:03:37 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 29.11.2011 14:39:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 30.11.2011 13:38:00 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 01.12.2011 15:11:59 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 13.12.2011 15:20:14 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 13.12.2011 15:43:33 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 15.12.2011 15:12:13 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 16.12.2011 06:30:52 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 18.12.2011 12:11:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 19.12.2011 13:39:23 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
< End of report >
|
|
12.07.2012, 06:53
| #2 | ||||
| /// Helfer-Team    | GVU/BKA Trojaner entfernt und jetzt? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Code:
ATTFilter :OTL
[2012.07.03 19:07:42 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 18:53:00 | 000,001,879 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.02 18:53:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 18:53:00 | 000,001,879 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
4. erneut einen Scan mit OTL:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
17.07.2012, 20:24
| #3 |
| | GVU/BKA Trojaner entfernt und jetzt? Hallo Kira,
__________________vielen Dank für die Antwort! Bin leider erst heute dazu gekommen alles durchzuführen. Beim Script habe ich leider doch die Sternchen vergessen auszutauschen daher jetzt 2 Ergebnisse von 2 Läufen. Hat aus meiner Sicht alles gut geklappt. OTL 1 (mit Sternchen): Code:
ATTFilter All processes killed
========== OTL ==========
C:\ProgramData\l_u0_0.pad moved successfully.
File C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\ProgramData\l_u0_0.pad not found.
File C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\******\Desktop\cmd.bat deleted successfully.
C:\Users\******\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ******
->Temp folder emptied: 40805008 bytes
->Temporary Internet Files folder emptied: 6521340 bytes
->Java cache emptied: 648117 bytes
->FireFox cache emptied: 55280232 bytes
->Flash cache emptied: 3848 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 546614 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 170274276 bytes
Total Files Cleaned = 262,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_193300
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter All processes killed
========== OTL ==========
File C:\ProgramData\l_u0_0.pad not found.
C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
File C:\ProgramData\l_u0_0.pad not found.
File C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\******\Desktop\cmd.bat deleted successfully.
C:\Users\******\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ******
->Temp folder emptied: 17056 bytes
->Temporary Internet Files folder emptied: 66034 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5242912 bytes
->Flash cache emptied: 492 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_193642
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Jetzt zum Malwarebytes Anti-Maleware Bericht: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.17.11 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 ****** :: *****-PC [Administrator] 17.07.2012 19:43:00 mbam-log-2012-07-17 (19-43-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|W:\|X:\|Y:\|Z:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 474329 Laufzeit: 1 Stunde(n), 13 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter AAVUpdateManager Wolters Kluwer Deutschland GmbH 07.01.2012 32,0MB 18.00.0000 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.07.2012 6,00MB 11.3.300.265 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.07.2012 6,00MB 11.3.300.265 Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 12.04.2012 168MB 10.1.3 AION Free-To-Play Gameforge 25.02.2012 22,6MB 2.70.0000 Akamai NetSession Interface 22.06.2012 Akamai NetSession Interface Akamai Technologies, Inc 22.06.2012 Apple Application Support Apple Inc. 15.05.2012 60,9MB 2.1.7 Apple Software Update Apple Inc. 26.02.2012 2,38MB 2.1.3.127 Art Effects for PDR10 NewBlue 26.02.2012 2.0 Atlantica NEXON Europe S.A.R.L 09.04.2011 21662 Bandisoft MPEG-1 Decoder 15.09.2011 Brother MFL-Pro Suite DCP-385C Brother Industries, Ltd. 09.04.2011 1.0.1.0 CCleaner Piriform 22.06.2012 3.20 ConvertHelper 2.2 DownloadHelper 01.06.2011 Counter-Strike: Source Valve 19.08.2011 CyberLink Holiday Pack Vol. 3 CyberLink Corp. 26.02.2012 2.0 CyberLink PowerDirector 10 CyberLink Corp. 26.02.2012 592MB 10.0.0.1012 CyberLink PowerDirector 10 Content Pack II CyberLink Corp. 26.02.2012 916MB 10.0 CyberLink WaveEditor CyberLink Corp. 26.02.2012 23,7MB 1.0.1.3320 Diablo III Blizzard Entertainment 11.07.2012 1.0.3.10485 DivX-Setup DivX, LLC 23.06.2012 2.6.1.9 Dota 2 18.04.2012 F-Secure Launch pad F-Secure Corporation 10.05.2012 1.49.440.0 Free Studio version 5.5.0 DVDVideoSoft Ltd. 27.05.2012 825MB 5.5.0 FreePDF (Remove only) 28.06.2012 G Data CloudSecurity G Data Software AG 01.06.2011 1,96MB 2.00.0000 Google Earth Google 01.12.2011 92,7MB 6.1.0.5001 GPL Ghostscript Artifex Software Inc. 28.06.2012 9.04 Greenshot 12.04.2011 1,56MB GUILD WARS 10.04.2011 IrfanView (remove only) Irfan Skiljan 28.01.2012 1,50MB 4.32 Java(TM) 7 Update 5 Oracle 07.07.2012 99,3MB 7.0.50 JavaFX 2.1.1 Oracle Corporation 07.07.2012 20,8MB 2.1.1 JDownloader 0.9 AppWork GmbH 01.06.2011 0.9 MAESTIA Version 201201 RocWorks 12.02.2012 201201 Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 17.07.2012 18,7MB 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.04.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.04.2011 2,93MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 22.11.2011 51,9MB 4.0.30319 Microsoft Office Professional Plus 2010 Microsoft Corporation 12.08.2011 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 12.05.2012 120MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 12.04.2012 1,69MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 09.04.2011 198KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 06.09.2011 234KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.04.2011 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.06.2011 224KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.12.2011 15,0MB 10.0.40219 Mozilla Firefox 13.0.1 (x86 de) Mozilla 18.06.2012 38,3MB 13.0.1 Mozilla Maintenance Service Mozilla 18.06.2012 309KB 13.0.1 Mp3tag v2.51 Florian Heidenreich 17.05.2012 v2.51 MSI Afterburner 2.1.0 MSI Co., LTD 20.10.2011 2.1.0 MSI Kombustor 2.0.0 MSI Co., LTD 21.10.2011 31,1MB MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.07.2011 35,0KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.07.2011 1,33MB 4.20.9876.0 NC Launcher (GameForge) NCsoft 25.02.2012 Nero 10 ClipartPack Nero AG 04.06.2011 26,5MB 10.2.10000.11.0 Nero 10 Menu TemplatePack 1 Nero AG 04.06.2011 59,7MB 10.2.10000.0.0 Nero 10 Menu TemplatePack 2 Nero AG 04.06.2011 182MB 10.2.10000.0.0 Nero 10 Menu TemplatePack 3 Nero AG 04.06.2011 241MB 10.2.10000.0.0 Nero 10 Movie ThemePack 1 Nero AG 04.06.2011 51,2MB 10.2.10000.11.0 Nero 10 Movie ThemePack 2 Nero AG 04.06.2011 313MB 10.2.10000.12.0 Nero 10 Movie ThemePack 3 Nero AG 04.06.2011 167MB 10.2.10000.0.0 Nero 10 Movie ThemePack 4 Nero AG 04.06.2011 100MB 10.2.10000.11.0 Nero 10 PiP EffectPack 1 Nero AG 04.06.2011 73,9MB 10.2.10000.0.0 Nero 10 Sample ImagePack Nero AG 04.06.2011 5,85MB 10.2.10000.11.0 Nero 10 Sample Videos Nero AG 04.06.2011 42,0MB 10.2.10000.11.0 Nero 10 Video TransitionPack 1 Nero AG 04.06.2011 32,6MB 10.2.10000.0.0 Nero BackItUp 10 Nero AG 04.06.2011 109MB 5.6.10600.6.100 Nero Burning ROM 10 Nero AG 04.06.2011 167MB 10.2.10500.7.100 Nero BurnRights 10 Nero AG 04.06.2011 6,14MB 4.2.10300.0.102 Nero CoverDesigner 10 Nero AG 04.06.2011 77,2MB 5.2.10400.4.100 Nero DiscCopy Gadget 10 Nero AG 04.06.2011 34,6MB 3.2.10300.5.100 Nero DiscSpeed 10 Nero AG 04.06.2011 7,20MB 6.2.10200.0.100 Nero Express 10 Nero AG 04.06.2011 164MB 10.2.10500.7.100 Nero InfoTool 10 Nero AG 04.06.2011 7,78MB 7.2.10200.4.100 Nero MediaHub 10 Nero AG 04.06.2011 178MB 1.2.10800.14.100 Nero Multimedia Suite 10 Platinum HD Nero AG 04.06.2011 2,65GB 10.5.10000 Nero Recode 10 Nero AG 04.06.2011 92,2MB 4.8.10400.3.100 Nero RescueAgent 10 Nero AG 04.06.2011 6,49MB 3.2.10300.3.100 Nero SoundTrax 10 Nero AG 04.06.2011 95,0MB 4.8.10200.1.100 Nero StartSmart 10 Nero AG 04.06.2011 143MB 10.2.10400.5.100 Nero Update Nero AG 04.06.2011 1,43MB 1.0.0018 Nero Vision 10 Nero AG 04.06.2011 223MB 7.2.14000.4.100 Nero WaveEditor 10 Nero AG 04.06.2011 75,9MB 5.8.10200.1.100 Nexon Game Manager 15.09.2011 Nexon Game Manager 15.09.2011 Nexus Mod Manager Black Tree Gaming 21.03.2012 13,0MB 0.16.4 NVIDIA 3D Vision Controller-Treiber 301.42 NVIDIA Corporation 13.07.2012 301.42 NVIDIA 3D Vision Treiber 301.42 NVIDIA Corporation 13.07.2012 301.42 NVIDIA Grafiktreiber 301.42 NVIDIA Corporation 13.07.2012 301.42 NVIDIA HD-Audiotreiber 1.3.16.0 NVIDIA Corporation 13.07.2012 1.3.16.0 NVIDIA PhysX-Systemsoftware 9.12.0213 NVIDIA Corporation 16.03.2012 9.12.0213 NVIDIA Update 1.8.15 NVIDIA Corporation 13.07.2012 1.8.15 Pando Media Booster Pando Networks Inc. 15.09.2011 5,46MB 2.3.6.0 PlayReady PC Runtime x86 Microsoft Corporation 05.07.2011 1,65MB 1.3.0 QuickTime Apple Inc. 15.05.2012 73,2MB 7.72.80.56 RedMon - Redirection Port Monitor 28.06.2012 ScanSoft PaperPort 11 Nuance Communications, Inc. 12.04.2011 131MB 11.1.0000 SiSoftware Sandra Lite 2011.SP2c SiSoftware 14.06.2011 103MB 17.60.2011.7 SmartSound Quicktracks 5 SmartSound Software Inc. 26.02.2012 50,1MB 5.1.8 Spybot - Search & Destroy Safer Networking Limited 09.04.2011 1.6.2 Steam Valve Corporation 19.08.2011 35,4MB 1.0.0.0 Steuer-Spar-Erklärung 2012 Wolters Kluwer Deutschland GmbH 07.01.2012 331MB 17.04 TeamSpeak 3 Client TeamSpeak Systems GmbH 09.04.2011 The Elder Scrolls V: Skyrim Bethesda Game Studios 24.12.2011 The Witcher 2 CD Projekt Red 22.10.2011 1.00.0000 TomTom HOME 2.8.3.2499 TomTom 28.02.2012 2.8.3.2499 TomTom HOME Visual Studio Merge Modules TomTom International B.V. 01.05.2011 1,88MB 1.0.2 USB Audio/Video Driver 04.02.2012 6,86MB 1.00.0000 Veetle TV Veetle, Inc 10.03.2012 0.9.19 Vindictus 15.09.2011 VLC media player 2.0.1 VideoLAN 27.05.2012 2.0.1 Vtune 7.20 17.10.2011 11,2MB Windows Live Essentials Microsoft Corporation 12.04.2012 15.4.3555.0308 Windows Mobile-Gerätecenter Microsoft Corporation 20.04.2011 27,4MB 6.1.6965.0 WinRAR 4.00 (32-Bit) win.rar GmbH 09.04.2011 4.00.0 OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.07.2012 21:00:02 - Run 3 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\******\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 46,33% Memory free 6,49 Gb Paging File | 4,68 Gb Available in Paging File | 72,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,84 Gb Total Space | 170,02 Gb Free Space | 55,96% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,27% Space Free | Partition Type: NTFS Drive E: | 149,92 Gb Total Space | 32,96 Gb Free Space | 21,98% Space Free | Partition Type: NTFS Drive W: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,69% Space Free | Partition Type: NTFS Drive X: | 118,90 Gb Total Space | 118,55 Gb Free Space | 99,71% Space Free | Partition Type: NTFS Drive Y: | 147,10 Gb Total Space | 126,44 Gb Free Space | 85,96% Space Free | Partition Type: NTFS Drive Z: | 150,93 Gb Total Space | 43,62 Gb Free Space | 28,90% Space Free | Partition Type: NTFS Computer Name: ******-PC | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.13 12:30:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe PRC - [2012.06.27 18:48:06 | 001,027,792 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe PRC - [2012.06.27 18:48:06 | 000,560,848 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe PRC - [2012.06.18 19:07:00 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\******\AppData\Local\Akamai\netsession_win.exe PRC - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.28 11:56:14 | 000,161,248 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\fshoster32.exe PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.19 05:28:02 | 000,310,936 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE PRC - [2011.12.19 05:28:02 | 000,212,632 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE PRC - [2011.12.19 05:27:58 | 000,249,496 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\Gadget\fsgadget.exe PRC - [2011.12.19 05:27:56 | 000,613,528 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe PRC - [2011.12.12 11:27:54 | 000,061,120 | ---- | M] (F-Secure Corporation) -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\WINWORD.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.07.01 21:41:20 | 000,540,672 | ---- | M] () -- C:\Programme\Greenshot\Greenshot.exe PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2012.06.18 19:07:00 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.14 18:17:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 18:17:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2012.05.12 15:12:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 15:12:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 15:12:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 15:12:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.04.03 00:51:52 | 008,347,304 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtGui4.dll MOD - [2012.04.03 00:51:52 | 002,256,552 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCore4.dll MOD - [2012.04.03 00:51:52 | 001,162,920 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtScript4.dll MOD - [2012.04.03 00:51:52 | 001,072,808 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCLucene4.dll MOD - [2012.04.03 00:51:52 | 000,986,792 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtNetwork4.dll MOD - [2012.04.03 00:51:52 | 000,622,248 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtSql4.dll MOD - [2012.04.03 00:51:52 | 000,450,216 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtHelp4.dll MOD - [2012.04.03 00:51:52 | 000,372,392 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtXml4.dll MOD - [2012.02.28 11:56:14 | 000,243,168 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qmng4.dll MOD - [2012.02.28 11:56:12 | 000,037,856 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qico4.dll MOD - [2012.02.28 11:56:12 | 000,035,808 | ---- | M] () -- C:\Programme\F-Secure\imageformats\qgif4.dll MOD - [2011.12.19 05:27:58 | 000,249,496 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\Gadget\fsgadget.exe MOD - [2011.12.19 05:27:54 | 000,556,696 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\gres.dll MOD - [2011.12.19 05:27:54 | 000,143,360 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng MOD - [2011.12.19 05:27:54 | 000,086,016 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng MOD - [2011.12.19 05:27:54 | 000,049,152 | ---- | M] () -- C:\Programme\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.01 21:41:20 | 000,540,672 | ---- | M] () -- C:\Programme\Greenshot\Greenshot.exe MOD - [2010.07.01 21:41:18 | 000,024,576 | ---- | M] () -- C:\Programme\Greenshot\GreenshotPlugin.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.07.11 20:54:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.10 19:59:45 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012.06.18 19:07:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.23 21:43:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.02.28 11:56:14 | 000,161,248 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\F-Secure\fshoster32.exe -- (fshoster) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.19 05:28:02 | 000,212,632 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA) SRV - [2011.12.19 05:27:56 | 000,613,528 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\FWES\program\fsdfwd.exe -- (FSDFWD) SRV - [2011.12.12 11:27:54 | 000,061,120 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\F-Secure\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.10 00:15:36 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\******\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2012.06.27 18:52:26 | 000,144,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2012.06.27 18:48:07 | 000,072,976 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2012.05.16 13:17:52 | 000,054,360 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fsccsys.sys -- (fsccsys1338306419) DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.05.02 16:02:21 | 000,044,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts) DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.12.19 05:27:56 | 000,072,600 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2011.12.19 05:27:56 | 000,036,984 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES) DRV - [2011.12.19 05:27:48 | 000,013,464 | ---- | M] () [Kernel | System | Running] -- C:\Programme\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2011.06.01 14:21:28 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\WNt500x86\sandra.sys -- (SANDRA) DRV - [2008.05.14 20:32:42 | 000,535,040 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2008.05.14 20:32:24 | 000,286,208 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2006.04.04 18:29:56 | 000,086,016 | ---- | M] (DVB-TV Provide) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\878BDA.sys -- (878BDA) DRV - [2005.05.25 05:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI Afterburner\RTCore32.sys -- (RTCore32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 24 C7 F6 B2 F6 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "GuildWiki (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.klamm.de/?id=16542" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Marc\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 18:13:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012.05.29 17:46:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:07:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.07 17:52:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 19:07:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.07 17:52:15 | 000,000,000 | ---D | M] [2011.05.01 09:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions [2011.05.01 09:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.05.27 14:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions [2012.05.18 18:02:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.05.27 14:07:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.29 18:55:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\x7q0jt7o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.31 19:29:29 | 000,002,283 | ---- | M] () -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guild-wars-2-wiki-de.xml [2012.05.31 19:29:42 | 000,002,276 | ---- | M] () -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guild-wars-2-wiki-en.xml [2011.05.14 20:30:17 | 000,000,655 | ---- | M] () -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x7q0jt7o.default\searchplugins\guildwiki-de.xml [2012.03.18 15:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.01 19:23:58 | 000,000,000 | ---D | M] (G Data CloudSecurity) -- C:\Programme\Mozilla Firefox\extensions\cloudsecurity@gdata.de [2011.12.18 18:13:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.09.19 13:06:36 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI [2012.01.22 01:00:08 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2011.09.09 19:57:02 | 000,089,388 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI [2012.05.23 19:31:58 | 000,003,808 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X7Q0JT7O.DEFAULT\EXTENSIONS\GUTSCHEINELIVE@KLAMM.DE.XPI [2012.06.18 19:07:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.21 22:14:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.21 22:14:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.06.21 22:14:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.21 22:14:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.21 22:14:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.21 22:14:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.04 19:32:56 | 000,443,048 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15219 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Programme\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (G Data CloudSecurity) - {AADAC261-4EE9-473A-AB95-D8E153424C38} - C:\Programme\G Data\G Data CloudSecurity\CloudSecurityIE.dll (G Data Software AG) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [F-Secure Hoster] C:\Program Files\F-Secure\fshoster32.exe (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Greenshot] C:\Programme\Greenshot\Greenshot.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC1484F-6C6F-4D87-BD8A-741005EFECB4}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.17 19:33:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.15 20:23:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2012.07.13 19:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.07.13 19:30:43 | 000,148,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2012.07.13 19:30:43 | 000,027,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2012.07.13 19:30:42 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2012.07.13 19:30:42 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2012.07.13 19:30:42 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2012.07.13 19:30:42 | 011,354,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2012.07.13 19:30:42 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2012.07.13 19:30:42 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2012.07.13 19:30:42 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2012.07.13 19:30:42 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll [2012.07.13 19:30:42 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll [2012.07.13 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\F-Secure Support [2012.07.12 18:16:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.12 18:16:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.12 18:16:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.12 18:16:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.12 18:16:19 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.12 18:16:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.12 18:16:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.12 18:13:33 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.12 17:23:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.12 17:23:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.07.12 17:23:06 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012.07.07 17:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.07 17:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.07 17:52:15 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.07.07 17:52:15 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.07.04 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2012.07.04 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.04 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 18:04:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.04 18:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.28 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Rechnungen ****** [2012.06.28 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\FreePDF_XP [2012.06.28 19:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF [2012.06.28 19:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP [2012.06.28 19:41:48 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\FreePDF [2012.06.28 19:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript [2012.06.28 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\gs [2012.06.24 13:43:44 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Steam-Games [2012.06.23 23:32:29 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.23 23:32:29 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.23 23:32:10 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.23 23:32:10 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.23 23:32:10 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.23 23:31:58 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.23 23:31:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.20 19:28:49 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Funcom ========== Files - Modified Within 30 Days ========== [2012.07.17 20:54:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.17 20:13:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000UA.job [2012.07.17 19:44:58 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.17 19:44:58 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.17 19:41:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 19:37:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.17 19:37:30 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys [2012.07.17 19:18:10 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job [2012.07.15 20:27:30 | 000,701,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.15 20:27:30 | 000,657,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.15 20:27:30 | 000,150,384 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.15 20:27:30 | 000,123,338 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.15 16:13:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000Core.job [2012.07.13 19:14:26 | 356,273,245 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.13 12:30:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2012.07.12 18:18:55 | 000,418,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.11 20:54:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.11 20:54:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.07 17:51:56 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.07.07 17:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.07.07 17:51:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.07.04 19:32:56 | 000,443,048 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 10:26:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.27 19:42:00 | 000,084,569 | ---- | M] () -- C:\Users\******\Desktop\Spielplan (Saison 12_13).pdf ========== Files Created - No Company Name ========== [2012.07.13 19:14:26 | 356,273,245 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.04 18:04:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 19:41:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.06.28 19:41:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.06.27 19:42:00 | 000,084,569 | ---- | C] () -- C:\Users\******\Desktop\Spielplan (Saison 12_13).pdf [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.04.03 00:58:46 | 000,044,184 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2012.04.03 00:58:12 | 000,019,540 | ---- | C] () -- C:\Windows\prodsett_copy.ini [2012.02.23 20:13:39 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2011.10.20 21:06:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll [2011.06.14 20:35:12 | 011,124,736 | ---- | C] () -- C:\Users\******\AppData\Roaming\Sandra.mdb [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2011.04.12 18:22:11 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2011.04.09 16:55:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.04.09 16:55:27 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.09 16:55:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.04.09 15:09:44 | 000,006,144 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.07 13:11:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FirmwareRecovery.exe [2011.01.04 14:17:12 | 000,237,637 | ---- | C] () -- C:\Windows\System32\nbt.exe [2010.12.21 04:15:18 | 000,231,936 | ---- | C] () -- C:\Windows\System32\3500_256.dll ========== LOP Check ========== [2012.01.01 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\AAV [2012.02.11 20:18:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\BigHugeEngine [2012.05.28 13:30:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2012.05.27 14:07:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.30 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\F-Secure [2011.12.21 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FOG Downloader [2012.06.28 19:41:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreePDF [2011.04.12 20:26:41 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Greenshot [2011.04.09 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\IrfanView [2012.06.18 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Mp3tag [2011.11.01 22:05:27 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MusicNet [2011.04.12 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ScanSoft [2011.05.01 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TomTom [2012.02.05 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TS3Client [2011.08.31 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ts3overlay [2011.04.10 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Windows SideBar [2012.05.23 19:23:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.17 19:18:10 | 000,000,614 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job ========== Purity Check ========== < End of report > OTL-Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.07.2012 21:00:02 - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\******\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 46,33% Memory free
6,49 Gb Paging File | 4,68 Gb Available in Paging File | 72,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 170,02 Gb Free Space | 55,96% Space Free | Partition Type: NTFS
Drive D: | 12,00 Gb Total Space | 11,91 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive E: | 149,92 Gb Total Space | 32,96 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
Drive W: | 48,83 Gb Total Space | 48,68 Gb Free Space | 99,69% Space Free | Partition Type: NTFS
Drive X: | 118,90 Gb Total Space | 118,55 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive Y: | 147,10 Gb Total Space | 126,44 Gb Free Space | 85,96% Space Free | Partition Type: NTFS
Drive Z: | 150,93 Gb Total Space | 43,62 Gb Free Space | 28,90% Space Free | Partition Type: NTFS
Computer Name: ******-PC | User Name: ******| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052D8DAF-A9E0-4F0E-9C67-6469D3743B15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20A4A2C4-FBB0-4136-82AB-2DB39F30B127}" = lport=138 | protocol=17 | dir=in | app=system |
"{2212582E-328A-479E-9450-D723FF139E22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26B9DE57-D1D3-4C53-ADB3-A3CBC44A521B}" = lport=137 | protocol=17 | dir=in | app=system |
"{29EB2ADC-CB05-4190-AEE2-4CE37E1016BE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{31629EFC-B771-4F54-AF54-C51A60EE2DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{43BB1F20-3E47-4C41-971C-A85E8C031D9C}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B5C84CC-BF0A-4EED-84F5-C59E19172A73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5449D666-6E47-4144-AF6D-DB199F5A3461}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54588CE7-2E63-48A4-B659-4EE601F7D47D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{594FFC6E-48D5-40A6-90BF-16680490D3D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{709AFA73-876A-4625-A1CA-D784E4B78C09}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\rpcagentsrv.exe |
"{7519D887-A09B-4D0C-B027-FD8079784CC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{878D4CF5-1FD3-4483-8AF6-12E05A6805E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8FED5F42-D84F-42EC-8399-3BD79CF1934F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9398811C-1BFB-4042-A910-54C76F3B9812}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A45693B-2017-4992-BE91-DDEB1DEAF91B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9D27D436-B531-4994-8B78-4677F114C53F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5CA3F6F-00B2-4F10-90D4-D488DF7512AA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6209688-BB4C-4A9B-BB5A-4170EB14674F}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2A35086-833C-45F6-AC82-4B400C459827}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2D00193-41EA-4DE7-BB64-3896488F3A52}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE35575B-D149-4695-97EE-CEF36B62ED23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6580468-F523-4BBA-93C9-381D1012732A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D6FDFC32-9620-489A-BDFA-192DAA091D5C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2c\wnt500x86\rpcsandrasrv.exe |
"{D92B0153-EC0E-405C-8D06-AFE31E1BE923}" = lport=445 | protocol=6 | dir=in | app=system |
"{E038D917-10B4-4DC2-BAB0-AD41EB68A3A2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E138DAA6-9EE3-4FCF-9B9E-8D331641AF7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{E9A16012-9946-4E0E-8435-2B17A46CE638}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EBA9ED7C-E3CE-4A0E-B1B6-483D45C43EAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0076925-0E8A-4713-9066-46D18B52E7AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA0638AF-669E-455F-9EF8-DABB2FD7EF67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB02CB0D-9F71-421A-B552-086C9B906044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCF2116D-EAF0-4BB8-85BA-D4EAB377DDC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008BC234-D421-40E3-8593-F0F44E479D00}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{099D1800-D8E9-4F74-9655-FC2AE0990406}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{0A7E094E-A788-4E9E-942F-CE97BFDDDFB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C885578-52E3-4369-ACB2-03CC710ABF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BC4F4DB-FD8F-440C-A398-954914D078AF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1EB38191-15DC-4F06-9E6C-91A16B6AE96E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24DDAB58-174E-471E-8DF7-0DDE63DEA8D3}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{29F681CD-2D25-49F4-99D8-658F1307D879}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{383BA05E-51C0-450B-9346-F6146F902D62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4037A7F2-93B1-4F7D-AED1-950D85E44BAE}" = protocol=6 | dir=out | app=system |
"{4119BD91-9D95-44EE-AD82-ADC453713085}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{4EA1FE11-22A5-469B-A5D5-9140531C71D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F5384FF-7727-4067-9EB2-52E6A1417FFF}" = protocol=17 | dir=in | app=c:\users\marc\appdata\local\akamai\netsession_win.exe |
"{4F8A4606-95BE-4A33-A1A1-1BA00A707BAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{54CD5F05-7AEA-4D5D-BE2D-C2769E3DE4AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{553B3CC2-406F-4586-993E-202A7C31F750}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{5672BB14-F190-4E4B-87AD-621680F977CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5CCD7F1E-DFF0-4E88-BF97-8DF46480AC89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5D67D4C9-1093-46FC-A310-0B0C0A23C6CE}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe |
"{7457E795-508E-4C9C-A0F2-1FEB404EE14D}" = protocol=17 | dir=in | app=e:\nexon\vindictus eu\en-eu\nmservice.exe |
"{7831C6A9-C245-4278-8DB4-9A137C94FE29}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7A2FB4A4-873E-4D37-95C3-1C7EF5C110E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AFB0C55-411C-4BC0-B233-E2E3049601B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BC65021-C393-421F-BA59-BC27F4EAF321}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{7CC40214-D2DE-4BC0-9A17-C6DDF1324556}" = protocol=17 | dir=in | app=e:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{81D5DFD1-61F3-42E2-AA50-671CE31973BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82F5B1BA-A3C9-46C0-8F97-5FAC670B600F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83B42A84-A8BB-4ACC-BDD3-34C468FF43F0}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{8512AA19-D159-402E-AA00-DC90AEA8B790}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8A4EA5D5-2B98-40C3-BD26-FBA7C1F344DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EEAF345-455B-41D8-9AEA-D6A1D55FA1F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9049A188-9F60-4A6E-AFF7-85C32CB5DF55}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A337BA19-EA28-4DF9-857E-0BC814A879E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AEE30D7F-06D0-4ABF-8679-D5818A4EAB34}" = protocol=6 | dir=in | app=e:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B5A7418A-ED10-4CEF-AF03-7637E1B8C4B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C420C974-8052-46D4-AA1F-FF6F4174727F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C823640D-D8B3-4E79-89F0-46F17D96D8C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAC9F87C-5B50-47A3-8D62-E499BD4FB1B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D087B8DC-E3B4-42D8-BA06-E887EE0967A7}" = protocol=6 | dir=in | app=e:\program files\steam\steam.exe |
"{D12CFE81-C5F2-417F-B3B1-251B5E19834F}" = protocol=6 | dir=in | app=c:\users\marc\appdata\local\akamai\netsession_win.exe |
"{D1DBA12D-BB84-4136-8EED-2281B7284C75}" = protocol=6 | dir=in | app=e:\nexon\vindictus eu\en-eu\nmservice.exe |
"{D2AB96C1-84C9-41A3-91D4-DB3CD256DCD8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D63D416C-AC8F-40B2-B0A1-A73B4607C354}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1A37B4C-E013-4C20-B9DA-B76E54A00D4E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EA0FB6C5-FCF4-4182-B76A-AAEECD812F8C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EB1C60C1-62D7-4119-9816-418831A74150}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBA14601-CB03-4EBD-86D8-7FC82969DE9D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F11076D5-3DFA-4C73-8779-0EB78905B878}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F2BCE748-B05D-41EE-8501-48412CB12816}" = protocol=17 | dir=in | app=e:\program files\steam\steam.exe |
"{FA1D019F-0B6D-4AE4-B7C5-5159A02B6AF0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FA7EC063-7930-457F-B26A-E070C58F7455}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{79D4E3B4-7DBC-4A98-BDFD-6AF1866170BC}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{DDE1BAF7-5D69-45E9-BBE5-61FA8890F937}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13B61614-9B6B-4A45-A62A-D3272D53192F}" = G Data CloudSecurity
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4441574D-727E-4DD3-AAFD-4E240EE3B588}" = CyberLink Holiday Pack Vol. 3
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-385C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C5B3FD3-AD62-478C-96B1-C2BD14ACBEA6}" = F-Secure Network CCF 1.02.106
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.49.104.0 (release)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8376B00D-8A5D-4067-BC8E-904617D21113}" = F-Secure Launch pad
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BE1D23A-F31E-59CF-A430-1193CD3FED82}" = Online Safety 1.49.32753.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AABB78C0-A435-486A-84E3-17E6684828C2}" = CyberLink PowerDirector 10 Content Pack II
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2c
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"1489-3350-5074-6281" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Akamai" = Akamai NetSession Interface
"Atlantica" = Atlantica
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.5.0
"FreePDF_XP" = FreePDF (Remove only)
"F-Secure ServiceEnabler" = F-Secure Launch pad
"GPL Ghostscript 9.04" = GPL Ghostscript
"Greenshot_is1" = Greenshot
"Guild Wars" = GUILD WARS
"InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{AABB78C0-A435-486A-84E3-17E6684828C2}" = CyberLink PowerDirector 10 Content Pack II
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"MySSID_is1" = Vtune 7.20
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Veetle TV" = Veetle TV
"Vindictus EU" = Vindictus
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.04.2012 13:47:48 | Computer Name = Marc-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 04.04.2012 14:20:59 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/04 20:20:59.846]: [00000332]: CBrUsbSti: GetDevCapa
Failed.
Error - 04.04.2012 14:20:59 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/04 20:20:59.852]: [00000332]: CBrUsbSti: GetDevCapa
Failed.
Error - 04.04.2012 14:20:59 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/04 20:20:59.858]: [00000332]: CBrUsbSti: GetDevCapa
Failed.
Error - 04.04.2012 14:20:59 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/04 20:20:59.963]: [00000332]: CBrUsbSti: GetDevCapa
Failed.
Error - 04.04.2012 14:21:00 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/04/04 20:21:00.075]: [00000332]: CBrUsbSti: GetDevCapa
Failed.
Error - 04.04.2012 14:21:18 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/04 20:21:18.157]: [00000332]: ChkMk:: ED Error[-4]
Error - 04.04.2012 14:21:18 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/04 20:21:18.157]: [00000332]: ChkMk:: ES Error[-4]
Error - 04.04.2012 14:21:18 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/04 20:21:18.157]: [00000332]: Unlinking WIA item
tree
Error - 04.04.2012 14:21:18 | Computer Name = ******-PC | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/04 20:21:18.157]: [00000332]: Releasing IDrvItemRoot
interface
[ Media Center Events ]
Error - 17.10.2011 09:17:10 | Computer Name = ******-PC | Source = MCUpdate | ID = 0
Description = 15:17:09 - Fehler beim Herstellen der Internetverbindung. 15:17:10
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2011 09:18:04 | Computer Name = ******-PC | Source = MCUpdate | ID = 0
Description = 15:17:17 - Fehler beim Herstellen der Internetverbindung. 15:17:17
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2011 10:18:41 | Computer Name = ******-PC | Source = MCUpdate | ID = 0
Description = 16:18:41 - Fehler beim Herstellen der Internetverbindung. 16:18:41
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2011 10:19:19 | Computer Name = ******-PC | Source = MCUpdate | ID = 0
Description = 16:19:11 - Fehler beim Herstellen der Internetverbindung. 16:19:11
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 28.11.2011 14:03:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 29.11.2011 14:39:33 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 30.11.2011 13:38:00 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 01.12.2011 15:11:59 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 13.12.2011 15:20:14 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 13.12.2011 15:43:33 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 15.12.2011 15:12:13 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 16.12.2011 06:30:52 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 18.12.2011 12:11:03 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
Error - 19.12.2011 13:39:23 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
< End of report >
Zu guter letzt noch 2 wichtige Hinweise auch für Mitleser. Bevor ich diese Anleitung durchgeführt habe, habe ich mit der Rescue CD von F-Secure einen Check durchgeführt. Hierbei wurden im Java Verzeichnis weitere 10 Malware Infektionen gefunden und entfernt! Ob dies mit dem Trojaner zusammenhängt weiß ich nicht würde den Check aber jedem empfehlen, da er Windows unabhängig ist. Anschließend habe ich die Java Version auf den aktuellen Stand gebracht und die alte Version deinstalliert! Hoffe wir haben nun alles eleminiert und danke schon jetzt für eine hoffentlich positive Rückmeldung! |
|
19.07.2012, 06:15
| #4 | ||
| /// Helfer-Team | GVU/BKA Trojaner entfernt und jetzt? Systemreinigung und Prüfung: 1. Zitat:
► Falls Du doch es behalten möchtest: Stelle bitte den TeaTimer ab: Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident. Deaktiviere hier den "Resident TeaTimer aktiv". (Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben! 2. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.06.21 22:14:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.21 22:14:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.21 22:14:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.21 22:14:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.21 22:14:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012.07.17 20:13:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000UA.job
[2012.07.15 16:13:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!) - zeitweise kontrollieren: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 4. reinige dein System mit CCleaner:
5. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 6. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
19.07.2012, 22:12
| #5 |
| | GVU/BKA Trojaner entfernt und jetzt? Hallo Kira, vielen Dank für deine Rückmeldung. Hier nochmal meine: 1. erledigt (Spybot) - welche Alternative empfiehlst du bei Deinstallation? 2. OTL-Fix erledigt Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1600336387-3074769339-1932291018-1000Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Marc\Desktop\cmd.bat deleted successfully.
C:\Users\Marc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marc
->Temp folder emptied: 23928 bytes
->Temporary Internet Files folder emptied: 2903957 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54832671 bytes
->Flash cache emptied: 776 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57777 bytes
RecycleBin emptied: 781493 bytes
Total Files Cleaned = 56,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_211840
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
4. Mit CC-Cleaner 1 x gereinigt Den Registry Clean musste ich 3 x machen bis keine Fehler mehr kamen 5. Ext. Datenträger prüfe ich in Kürze 6. Der ESET Online Scanner hat keine befallenen Dateien mehr gefunden Abschließend denke ich das alles wieder sauber ist und der Fehler ist ja auch weg - es sei denn dir fällt noch etwas auf oder ein . Vielen Dank also nochmal für deine tolle Unterstützung!!!  |
|
20.07.2012, 06:42
| #6 | |||
| /// Helfer-Team | GVU/BKA Trojaner entfernt und jetzt?Zitat:
** Lass dein System in der nächste Zeit noch unter Beobachtung! 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner
2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ --> GVU/BKA Trojaner entfernt und jetzt? |
|
| Themen zu GVU/BKA Trojaner entfernt und jetzt? |
| aktuell, angezeigt, bereinigt, blieb, document, entfernt, fehlermeldung, frage, fragen, gesperrt, google earth, gvu/bka, hallo zusammen, herunterfahren, hilfe!, install.exe, interne, internetverbindung, jdownloader, langs, microsoft office word, neustart., nexus, nvidia update, online, plug-in, richtlinie, safer networking, scan, searchscopes, sperre, sperren, taskhost.exe, taskmanager, troja, trojaner, verbindung, virus, visual studio, zusammen |
.
) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse. 
Hybrid-Darstellung
