06.07.2012, 13:34 | #1
Remove Incredibar

I caught the Incredibar trojan via Softonic and, as described, ran the Malware; here is the corresponding report:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
JDL :: JDL-PC [Administrator]

Schutz: Aktiviert

06.07.2012 14:15:14
mbam-log-2012-07-06 (14-15-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192963
Laufzeit: 8 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\JDL\AppData\Local\Temp\1491619.Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\JDL\AppData\Local\Temp\is1293846689\IWantThisAD_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\JDL\AppData\Local\Temp\is-IE9IJ.tmp\rkverify.exe (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\JDL\Downloads\SoftonicDownloader_fuer_ulead-gif-animator(1).exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\JDL\Downloads\SoftonicDownloader_fuer_ulead-gif-animator.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Here is the OTL logfile:
Code:
ATTFilter OTL logfile created on: 06.07.2012 14:47:59 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\JDL\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,68% Memory free 5,98 Gb Paging File | 4,44 Gb Available in Paging File | 74,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,97 Gb Total Space | 108,53 Gb Free Space | 23,96% Space Free | Partition Type: NTFS Computer Name: JDL-PC | User Name: JDL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.06 14:37:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JDL\Downloads\OTL.exe PRC - [2012.06.23 13:36:15 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012.06.21 07:16:14 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.06.06 09:16:00 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\JDL\AppData\Local\Akamai\netsession_win.exe PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.05.09 22:41:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 22:41:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 22:41:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 22:41:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2007.08.17 11:50:00 | 000,483,144 | ---- | M] (Corel, Inc.) 
-- C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe PRC - [2007.08.02 21:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2012.06.23 13:36:15 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2012.06.21 07:16:13 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.13 19:40:52 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll MOD - [2012.06.13 18:25:02 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.13 18:24:48 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll MOD - [2012.06.13 18:24:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.13 18:24:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.06.13 18:24:14 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll MOD - [2012.05.10 11:40:51 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll MOD - [2012.05.10 10:08:58 | 000,368,128 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012.05.10 10:08:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 10:07:30 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.10 10:07:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.10 10:07:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.10 10:07:18 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.10 10:07:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.02.14 22:13:24 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.11.09 09:55:02 | 000,016,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 
10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2007.08.02 21:07:56 | 000,034,064 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.23 13:36:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.21 07:16:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.10 15:35:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai) SRV - [2012.06.06 09:16:00 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 22:41:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 22:41:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.05.09 
22:41:35 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 22:41:35 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.25 16:57:11 | 000,214,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink (TM) DRV - [2012.02.15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.02.15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.12.05 21:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6PQCDz1tnW&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 87 E5 DF 8C 0A CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&tt=050412_30b&babsrc=SP_ss&mntrId=62e084e300000000000000262d78e40a IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6PQCDz1tnW&i=26 IE - HKCU\..\SearchScopes\{F10F55C7-0702-4699-9241-182E0028AB20}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=ECF68516-9830-4097-AA1C-026C6A5B6EBE&apn_sauid=41435B0A-7561-47CE-A9B1-D3B8B59BEF21 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - 
prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.meerschweinchenzucht-spessartzwerge.de/" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQCDz1tnW&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.06 13:31:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 07:16:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 07:16:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.21 07:16:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: 
C:\Program Files\Mozilla Firefox\plugins [2012.03.25 15:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JDL\AppData\Roaming\mozilla\Extensions [2012.07.06 13:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JDL\AppData\Roaming\mozilla\Firefox\Profiles\k9b2449c.default\extensions [2012.03.29 20:21:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\JDL\AppData\Roaming\mozilla\Firefox\Profiles\k9b2449c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.06.26 07:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.25 17:37:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.26 07:31:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.07.06 13:31:14 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.03.25 20:39:28 | 000,626,986 | ---- | M] () (No name found) -- C:\USERS\JDL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9B2449C.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI [2012.05.17 18:46:39 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\JDL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9B2449C.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.06.21 07:16:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 07:16:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.09 12:22:37 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.21 07:16:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 07:16:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 07:16:11 | 000,006,805 | 
---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 07:16:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 07:16:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\JDL\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - Startup: C:\Users\JDL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B080F46B-63E3-4BEC-8F05-A6BD5F052E57}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\RunGame.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 14:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.06 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\JDL\AppData\Roaming\Malwarebytes [2012.07.06 14:14:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.06 14:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.06 
14:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.06 14:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.06 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.07.06 12:56:48 | 000,000,000 | ---D | C] -- C:\Windows\Noslip [2012.07.05 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\JDL\AppData\Local\Microsoft_Corporation [2012.06.26 07:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.06.26 07:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.12 15:59:29 | 000,000,000 | ---D | C] -- C:\Users\JDL\AppData\Local\Diagnostics [2012.06.10 23:11:00 | 000,000,000 | ---D | C] -- C:\Users\JDL\AppData\Local\Macromedia [2012.03.26 14:17:43 | 011,360,024 | ---- | C] (Tracker Software Products Ltd.) -- C:\Program Files\PDFXCview.exe ========== Files - Modified Within 30 Days ========== [2012.07.06 14:36:47 | 000,000,000 | ---- | M] () -- C:\Users\JDL\defogger_reenable [2012.07.06 14:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.06 14:35:20 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 14:35:20 | 000,014,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 14:32:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.06 14:32:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.06 14:32:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.06 14:32:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.06 14:27:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.06 14:27:49 | 2406,875,136 | -HS- | M] () -- C:\hiberfil.sys [2012.07.06 13:31:19 | 000,000,698 | ---- | M] () -- C:\user.js [2012.07.06 12:56:56 | 000,000,024 | ---- | M] () -- 
C:\Windows\System32\Kene32.uns [2012.07.06 12:54:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.07.06 12:54:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.07.05 21:26:23 | 000,007,666 | ---- | M] () -- C:\Users\JDL\AppData\Local\Resmon.ResmonCfg [2012.06.13 18:22:11 | 000,442,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.06 14:36:47 | 000,000,000 | ---- | C] () -- C:\Users\JDL\defogger_reenable [2012.07.06 12:56:56 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Kene32.uns [2012.07.06 12:54:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.07.06 12:54:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.07.06 11:51:29 | 000,032,960 | ---- | C] () -- C:\Users\JDL\Documents\avgr45w-webfont.ttf [2012.07.05 21:26:23 | 000,007,666 | ---- | C] () -- C:\Users\JDL\AppData\Local\Resmon.ResmonCfg [2012.04.06 20:01:43 | 000,023,552 | ---- | C] () -- C:\Users\JDL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.26 21:23:49 | 1799,350,784 | ---- | C] () -- C:\Windows\System32\MAESTIA_SETUP-1.bin [2012.03.26 21:22:54 | 1257,667,440 | ---- | C] () -- C:\Windows\System32\MAESTIA_SETUP-2.bin [2012.03.26 14:35:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.03.25 15:39:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat ========== LOP Check ========== [2012.04.09 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Babylon 
[2012.04.09 12:34:18 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Canon
[2012.07.06 14:04:09 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\FileZilla
[2012.05.26 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Gruen-Development
[2012.07.06 10:41:05 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\IrfanView
[2012.03.26 14:26:24 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Leawo
[2012.03.30 10:48:33 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Notepad++
[2012.03.25 15:58:43 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Thunderbird
[2012.03.26 21:37:30 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Ulead Systems
[2012.04.15 18:21:20 | 000,000,000 | ---D | M] -- C:\Users\JDL\AppData\Roaming\Vso
[2012.06.25 17:48:33 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And the Extras text document:
OTL Logfile:
Code:
OTL Extras logfile created on: 06.07.2012 14:47:59 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\JDL\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,68% Memory free
5,98 Gb Paging File | 4,44 Gb Available in Paging File | 74,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,97 Gb Total Space | 108,53 Gb Free Space | 23,96% Space Free | Partition Type: NTFS

Computer Name: JDL-PC | User Name: JDL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0506EACB-D4C6-487E-8DD4-BCB6D0C50C80}" = lport=2869 | protocol=6 | dir=in | app=system | "{16E9D786-66A1-4CF9-B05B-65D1A4695197}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2B5C3F8A-3438-4838-AC2D-584CE5DC1568}" = rport=445 | protocol=6 | dir=out | app=system | "{309C9074-12DD-423C-9412-0F3EC5A8A502}" = rport=137 | protocol=17 | dir=out | app=system | "{423415A5-3C60-4E01-B3E0-3302DA5A8BA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4E71B7CE-7860-46B3-88AC-BE99A1E6238A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4FA64ACD-9A40-4733-81B8-0E81CB818A1F}" = lport=138 | protocol=17 | dir=in | app=system | "{5588D275-CDF5-4F4E-A602-28D490916BCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5C2EADC9-C03B-4DF3-A0EF-16D7985AD25A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5D6D6094-0BCB-4A0A-8929-5C8E4C67CB81}" = rport=10243 | protocol=6 | dir=out | app=system | "{70D0F6CE-911D-486E-BCA6-CDAEF5DF656B}" = lport=137 | protocol=17 | dir=in | app=system | "{8A54A52D-A45D-4943-8441-38AB54504DC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9EB6048B-A58D-4CB7-8650-BC5244977A9F}" = lport=139 | protocol=6 | dir=in | app=system | "{A01E135B-323D-45A0-BC50-DF5243AC2130}" = lport=10243 | protocol=6 | dir=in | app=system | "{A4A96B46-0A58-47B8-A037-F63F2445DAFE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{AEF2812C-251A-4DA2-9B25-E825B8D514A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B440F944-4CE3-46A5-8ADC-998FBB28519F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C841010C-4972-4F0E-A09A-E00C7A6C572A}" = rport=2177 | 
protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1174E79-7D48-4703-B1EB-9F1571E6F7EA}" = lport=445 | protocol=6 | dir=in | app=system | "{D5591519-0794-4B7E-BC80-1BE1A121AC11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA8D97C9-DB09-4CB7-B933-2E5FC66A0188}" = rport=139 | protocol=6 | dir=out | app=system | "{DFF8C539-FA5B-422B-ADD1-3DAEAB03410E}" = rport=138 | protocol=17 | dir=out | app=system | "{F3EEF58E-0EEA-4BBD-9135-A2068F0E993D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FFB124DD-45D4-440B-B1A7-0F7A09D6200E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AFAE239-AD51-44DB-965C-956C272DEE1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21307FFD-CCA9-4B93-9681-8DEFD7CF9028}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2B1209E3-A817-422B-A4ED-EB39873E42CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2ED96B6B-EC33-495C-AF12-0F022BC7974E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40FB6B64-2C1D-4599-BE19-7B8B2E719785}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{43D49E0B-5F85-44AA-8D4D-6B59BA43040E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6A6FC631-447C-419C-9664-ACE1477C573D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6D4DCCB6-4353-4872-AC7B-A2AA787F7442}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F281E81-467C-41EF-A8B2-998DA1146355}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8202E97D-176D-40EC-8527-CF0CE39BDA34}" = 
protocol=6 | dir=in | app=c:\users\jdl\appdata\local\akamai\netsession_win.exe | "{829DAD24-5D4F-44C9-936E-54D540A2CE79}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8831BFDF-0021-4B52-96D1-1F1BFD3F2103}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8FFD8D91-21E4-44C0-B44F-10933C1FC834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9981F8E3-271B-4E05-81B0-6EB48D9F2A94}" = protocol=17 | dir=in | app=c:\users\jdl\appdata\local\akamai\netsession_win.exe | "{9DD0D17D-313D-4842-8729-97C3C7FC939C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A5E38E8B-0DB4-40DE-A339-B18CFA212C33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A6A0CE7A-F8E6-45D6-AB99-6221CD912091}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BC7DB7DF-526B-469F-A5DF-A693E13D22B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BE059A6F-1763-4A0C-9E13-723E485AA921}" = protocol=6 | dir=out | app=system | "{D218CD54-4B37-4A47-97D1-45116ED825FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1E651BE-502F-4472-96D2-1B58E11D0649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F61FD2D1-62F1-4D83-AA01-BF4091D003FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE3487D0-7749-4D2E-AD84-D81C9EBAB73F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{0207D0FB-9869-45A6-9574-EB48DD8B0C16}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | "TCP Query User{7B4BF58C-4A39-46CA-BA6A-EBF30CBBE77E}C:\users\jdl\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jdl\appdata\local\akamai\netsession_win.exe | "TCP Query User{90F9AEDA-D4FC-4E9A-86BA-00972CE9134F}C:\program files\skype\phone\skype.exe" = protocol=6 
| dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{ACF425B0-2BFE-4A18-B1A9-90AD7BEDC14F}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{C7707362-9ED3-43B7-95A1-79F1607D6E00}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | "UDP Query User{1A0620B8-E1B5-44CD-ABF5-61711ECA8B66}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{3BD2B7CF-9EC4-44A8-9A0D-7CB2AD544CCE}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | "UDP Query User{777A8E4A-8BB5-4A72-A6C6-27BAEE0945A9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{8A8E1FF1-49CF-48EA-8394-E5A0558B81DA}C:\users\jdl\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jdl\appdata\local\akamai\netsession_win.exe | "UDP Query User{BC1D79A1-DCE2-4C0E-82FD-A72973C72165}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3 "{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4 "{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard "{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek "{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish "{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3 "{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish "{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish "{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common "{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.458 "{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne "{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish "{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German "{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish "{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French "{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian "{782DADC3-C885-4572-8F6A-675304CA8782}" = ccc-utility "{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter version 5.0.0.0 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0 "{84D08012-6671-406E-94E5-6EC55D20732E}" = AMD Accelerated Video Transcoding "{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional "{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9071E805-03C7-BE11-430A-715ED82145A0}" = AMD Media Foundation Decoders "{9BCA07A1-B626-0AFE-9D04-66C5E75AB15A}" = AMD Catalyst Install Manager "{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese "{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center 
"{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III "{DAB027A8-C68A-3D72-74F9-4F4A9FA0D61C}" = AMD Drag and Drop Transcoding "{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "Avira AntiVir Desktop" = Avira Free Antivirus "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.0.11 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "61240c64869513c2" = Napster Download Manager "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.06.2012 
08:34:29 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0016b4bd ID des fehlerhaften Prozesses: 0x14e4 Startzeit der fehlerhaften Anwendung: 0x01cd4d468efd7b55 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: f2215c7e-b941-11e1-b20c-00262d78e40a

Error - 21.06.2012 17:36:27 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d4a67 ID des fehlerhaften Prozesses: 0xfc Startzeit der fehlerhaften Anwendung: 0x01cd4fe959c43012 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 279e68b6-bbe9-11e1-8733-00262d78e40a

Error - 23.06.2012 07:11:35 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0016b4bd ID des fehlerhaften Prozesses: 0xb88 Startzeit der fehlerhaften Anwendung: 0x01cd5130e60233ac Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 31811034-bd24-11e1-bccc-00262d78e40a

Error - 26.06.2012 05:51:06 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version: 4.6.0.0, Zeitstempel: 0x4fbb3338 Name des fehlerhaften Moduls: pdf24-Editor.exe, Version: 4.6.0.0, Zeitstempel: 0x4fbb3338 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002d735 ID des fehlerhaften Prozesses: 0xc20 Startzeit der fehlerhaften Anwendung: 0x01cd537c698bb12f Pfad der fehlerhaften Anwendung: C:\Program Files\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls: C:\Program Files\PDF24\pdf24-Editor.exe Berichtskennung: 72921310-bf74-11e1-b64c-00262d78e40a

Error - 03.07.2012 08:16:01 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 13.0.1.4548, Zeitstempel: 0x4fda6075 Name des fehlerhaften Moduls: MSVCR71.dll, Version: 7.10.3052.4, Zeitstempel: 0x3e561eac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000128fe ID des fehlerhaften Prozesses: 0x11c4 Startzeit der fehlerhaften Anwendung: 0x01cd5913daa593c4 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSVCR71.dll Berichtskennung: d9c5b6be-c508-11e1-870b-00262d78e40a

Error - 05.07.2012 01:24:04 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 13.0.1.4548, Zeitstempel: 0x4fda6075 Name des fehlerhaften Moduls: MSVCR71.dll, Version: 7.10.3052.4, Zeitstempel: 0x3e561eac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000128fe ID des fehlerhaften Prozesses: 0x8c4 Startzeit der fehlerhaften Anwendung: 0x01cd5a6c0e070c53 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSVCR71.dll Berichtskennung: a278d44b-c661-11e1-b47b-00262d78e40a

Error - 05.07.2012 09:59:46 | Computer Name = JDL-PC | Source = Application Hang | ID = 1002
Description = Programm plugin-container.exe, Version 13.0.1.4548 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e74 Startzeit: 01cd5ab4ee2b2d87 Endzeit: 16 Anwendungspfad: C:\Program Files\Mozilla Firefox\plugin-container.exe Berichts-ID:

Error - 05.07.2012 10:17:51 | Computer Name = JDL-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iedit_.exe, Version: 13.0.0.0, Zeitstempel: 0x47203be5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c33bb ID des fehlerhaften Prozesses: 0x1274 Startzeit der fehlerhaften Anwendung: 0x01cd5ab794b9fc14 Pfad der fehlerhaften Anwendung: C:\Program Files\Corel\Ulead PhotoImpact X3\Iedit_.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 33c7844e-c6ac-11e1-8d1c-00262d78e40a

Error - 06.07.2012 08:41:05 | Computer Name = JDL-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.53.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1358 Startzeit: 01cd5b740e0faebe Endzeit: 10 Anwendungspfad: C:\Users\JDL\Downloads\OTL.exe Berichts-ID:

Error - 06.07.2012 08:45:30 | Computer Name = JDL-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.9.0.123 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d08 Startzeit: 01cd5b72d86b65c1 Endzeit: 16 Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe Berichts-ID:

[ System Events ]
Error - 03.07.2012 10:09:01 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 04.07.2012 12:56:40 | Computer Name = JDL-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101 registriert werden. Der Computer mit IP-Adresse 192.168.2.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 05.07.2012 01:07:32 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 05.07.2012 01:55:37 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 05.07.2012 02:37:41 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 05.07.2012 04:51:28 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 05.07.2012 08:27:50 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 06.07.2012 03:04:06 | Computer Name = JDL-PC | Source = DCOM | ID = 10010
Description =

Error - 06.07.2012 03:04:27 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

Error - 06.07.2012 06:27:15 | Computer Name = JDL-PC | Source = bowser | ID = 8003
Description =

< End of report >

I then wanted to carry out the 2nd step given here, but twice now the PC has crashed completely during the GMER scan: the first time shortly after the start, the second time when the scan had already been running for a good 1.5 hours. A blue screen (Windows 7) then appears with the message that the PC is being shut down to protect it from damage; afterwards it boots up again and I get the choice of which mode I want to start Windows 7 in (safe mode etc.).
11.07.2012, 16:07 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removing Incredibar
Somehow you installed the thing yourself; you don't download software from Softonic!

Please start by routinely running a full scan with Malwarebytes and post the log.
=> Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!
Please remove all the findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!
If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here