| |
| |||||||
Log-Analyse und Auswertung: WIN 7 Home Premium GVU Trojaner mit Webcam-BildWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.07.2012, 13:55
| #1 |
| |  WIN 7 Home Premium GVU Trojaner mit Webcam-Bild Hallöchen, eine Freundin von mir hat sich anscheinend den GVU Trojaner eingefangen. Da ich nicht genau wusste um was es sich handelt, hab ich die aktuelle Desinfec't CD reingemacht, geupdated und durchlaufen lassen. Es wurde jedoch nur eine Datei von HP als bösartig identifiziert. Da ich noch nichts von diesem Board wusste, hab ich über andere Foren erfahren, dass man den Rechner in einen früheren Systemwiederherstellungspunkt laden, sowie Malwarebytes und ein Antiviren Programm (in diesem Fall Avast mit aktuellen Signaturen) drüber laufen lassen soll. Leider konnte nichts gefunden werden auf dem System. Ebenfalls hab ich Hijack This laufen lassen, den Log auswerten lassen und alle als schädlich eingestuften Einträge gelöscht. Das Problem ist, dass der Rechner zwar ins Windows startet, jedoch sich kein Browser öffnen lässt. Der GVU Trojaner taucht jedoch auch nicht mehr auf. Im Abgesicherten Modus lassen sich alle Browser öffnen. Jetzt hab ich von der OTL.exe gehört und die Auswertung im Abgesicherten Modus generieren lassen. Ich poste sie mal in der Hoffnung das mir, bzw. ihr, jemand helfen kann: OTL.txt: OTL logfile created on: 10.07.2012 14:21:37 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 3,08 Gb Available Physical Memory | 82,37% Memory free 7,49 Gb Paging File | 6,86 Gb Available in Paging File | 91,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,01 Gb Total Space | 136,32 Gb Free Space | 48,34% Space Free | Partition Type: NTFS Drive D: | 15,78 Gb Total Space | 2,28 Gb Free Space | 14,42% Space Free | Partition Type: NTFS Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 14,90 Gb Total Space | 14,41 Gb Free Space | 96,71% Space Free | Partition Type: FAT32 Computer Name: ****** | User Name: ******i | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.com (OldTimer Tools) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - c:\users\***~1\appdata\local\temp\teamviewer\version5\TeamViewer_Desktop.exe (TeamViewer GmbH) PRC - C:\Users\***~1\AppData\Local\Temp\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (RtVOsdService) -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FAD8BFD0-47B0-4A01-9C01-676B8F4180BD} IE:64bit: - HKLM\..\SearchScopes\{494F1A5D-6B87-4C45-84C2-A128D92711E9}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{681EB2BE-D97C-4D05-9412-A2BDC6DD4C2E}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{FAD8BFD0-47B0-4A01-9C01-676B8F4180BD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {FAD8BFD0-47B0-4A01-9C01-676B8F4180BD} IE - HKLM\..\SearchScopes\{494F1A5D-6B87-4C45-84C2-A128D92711E9}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{681EB2BE-D97C-4D05-9412-A2BDC6DD4C2E}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{FAD8BFD0-47B0-4A01-9C01-676B8F4180BD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={57FBD0B3-4490-4658-8085-58EA293DF196}&mid=90531576ff2147d08f0941b2e04805b4-995d9e17af9e5a5e68dc44b2869eedd73914d3dc&lang=en&ds=ft011&pr=sa&d=2012-07-10 12:43:19&v=11.1.0.12&sap=hp IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\{494F1A5D-6B87-4C45-84C2-A128D92711E9}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\{681EB2BE-D97C-4D05-9412-A2BDC6DD4C2E}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\{79041748-814F-4529-BDB8-C16EFD377FAF}: "URL" = hxxp://yandex.ru/yandsearch?clid=143436&text={searchTerms} IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\{89D3324F-ED2A-4995-BC0E-4C1926096711}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=38d4556b-5e24-4a63-8967-ec6ff522906e&apn_sauid=A88479BF-B7A1-427E-99FE-F7A4777BC3E4 IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={57FBD0B3-4490-4658-8085-58EA293DF196}&mid=90531576ff2147d08f0941b2e04805b4-995d9e17af9e5a5e68dc44b2869eedd73914d3dc&lang=en&ds=ft011&pr=sa&d=2012-07-10 12:43:19&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\{FAD8BFD0-47B0-4A01-9C01-676B8F4180BD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\Moikrug: "URL" = hxxp://moikrug.ru/persons/?clid=143436&charset=utf-8&keywords={searchTerms}&submitted=1 IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\SearchScopes\Yandex: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7Bfd4f87de-7215-40cd-b3fb-84c018aea681%7D&mid=90531576ff2147d08f0941b2e04805b4-995d9e17af9e5a5e68dc44b2869eedd73914d3dc&ds=ft011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-10%2012%3A43%3A19&sap=hp" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bfd4f87de-7215-40cd-b3fb-84c018aea681%7D&mid=90531576ff2147d08f0941b2e04805b4-995d9e17af9e5a5e68dc44b2869eedd73914d3dc&ds=ft011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-10%2012%3A43%3A19&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.01.25 22:31:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.08 20:04:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.10 12:43:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.09 09:49:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.09 00:23:15 | 000,000,000 | ---D | M] [2011.10.06 14:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******i\AppData\Roaming\mozilla\Extensions [2012.07.10 12:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******i\AppData\Roaming\mozilla\Firefox\Profiles\wxknut7p.default\extensions [2011.12.12 23:08:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******i\AppData\Roaming\mozilla\Firefox\Profiles\wxknut7p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.09 00:23:15 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\******i\AppData\Roaming\mozilla\Firefox\Profiles\wxknut7p.default\extensions\software@loadtubes.com [2012.07.08 21:14:05 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\******i\AppData\Roaming\mozilla\Firefox\Profiles\wxknut7p.default\extensions\toolbar@ask.com [2012.06.09 18:20:43 | 000,000,000 | ---D | M] (ЯндекÑ.Бар) -- C:\Users\******i\AppData\Roaming\mozilla\Firefox\Profiles\wxknut7p.default\extensions\yasearch@yandex.ru [2012.07.09 23:41:33 | 000,002,413 | ---- | M] () -- C:\Users\******i\AppData\Roaming\Mozilla\Firefox\Profiles\wxknut7p.default\searchplugins\askcom.xml [2012.04.08 00:00:46 | 000,002,167 | ---- | M] () -- C:\Users\******i\AppData\Roaming\Mozilla\Firefox\Profiles\wxknut7p.default\searchplugins\ybqs-yandex.xml [2012.07.09 09:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.03 11:01:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2012.07.08 20:04:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.07.10 12:43:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 [2012.07.10 12:43:12 | 000,036,333 | ---- | M] () (No name found) -- C:\USERS\******I\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXKNUT7P.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.18 14:43:36 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.10 12:43:14 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\ CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac\1.2.118_0\ CHR - Extension: No name found = C:\Users\******i\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\******i\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\******i\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-312950599-2391981125-4048363924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5853C1BE-DB78-4EA6-91A5-5A3ABA0C2E1F}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.10 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\******i\Desktop\OTH [2012.07.10 12:43:28 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\AVG Secure Search [2012.07.10 12:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.07.10 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012.07.10 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012.07.10 12:42:45 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam [2012.07.10 12:42:43 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\Wajam [2012.07.10 12:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam [2012.07.09 09:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.07.09 02:10:27 | 000,000,000 | ---D | C] -- C:\Geld [2012.07.09 02:02:48 | 000,000,000 | ---D | C] -- C:\Identität [2012.07.09 02:01:16 | 000,000,000 | ---D | C] -- C:\UniScheiß [2012.07.09 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\convert [2012.07.08 21:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.08 21:28:01 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.08 21:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.08 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.08 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\TeamViewer [2012.07.08 20:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.07.08 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\Malwarebytes [2012.07.08 20:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.08 20:00:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.08 20:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.08 19:28:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.07.08 19:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.07.08 18:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.07.08 18:14:52 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\TestApp [2012.07.08 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{C2DC897F-3C50-4892-B947-146F6F69DF66} [2012.07.08 18:11:08 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{A9E49D41-122B-46FF-9964-880DAB47EDE7} [2012.07.08 01:48:12 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\Avira [2012.07.08 01:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.08 01:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.07.08 01:12:00 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\APN [2012.07.08 01:11:45 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.08 01:11:44 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.08 01:11:44 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.08 01:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.08 01:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.08 00:50:57 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{DD0DA26F-DEF8-4FCC-BD05-F834C7C92294} [2012.07.08 00:49:17 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{CCE63CC0-BFB3-4D93-8370-95E13865BC89} [2012.07.08 00:36:45 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{1256E9DA-F34A-4387-A9E4-4A121C682DBA} [2012.07.07 23:58:49 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.07.07 12:30:33 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{68CCBA49-1BED-4B79-B317-1327D737E03E} [2012.07.06 13:02:55 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{9F4D00A7-666A-46B9-BB55-84642F47D308} [2012.07.05 23:54:21 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{26D3C09E-730B-4E3A-9F1E-D29DFEFD7006} [2012.07.05 17:54:30 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\DivX [2012.07.05 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{22028661-A0C2-4F10-B37D-E40A97AE1324} [2012.07.05 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{AF3200D0-C003-412D-839C-F5170F7E42A5} [2012.07.04 18:29:11 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{FAA28DA8-9EE5-4177-A0DA-342FBD690AC5} [2012.07.04 18:28:39 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{74497D37-25FA-4A55-B2DB-C076C9CA0293} [2012.07.03 22:58:24 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{92550980-6063-48A0-9AE4-FEDAF73EFC13} [2012.07.03 22:58:12 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{B54BCD30-77C5-4F77-9F2D-B419B2D1D8D8} [2012.07.03 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\Nitro PDF [2012.07.03 22:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF [2012.07.03 22:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF [2012.07.03 22:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF [2012.07.03 22:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF [2012.07.03 22:27:44 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\Downloaded Installations [2012.07.03 11:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.07.03 11:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar [2012.07.03 11:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.07.03 10:57:30 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{E1122081-1657-4DAD-B2F4-B00B0F42B05B} [2012.07.03 10:56:52 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{8163D21A-D96F-42BC-A2D3-B0A33DD0B021} [2012.07.02 20:55:31 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{9CA3B3CE-92FB-4ABE-B1E4-159D39513502} [2012.07.02 20:55:03 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{39EAFB17-F196-4D6D-BB89-9364F90CAAFF} [2012.07.02 08:54:32 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{24B06A80-1BE3-4B6A-A253-30A83F2EFA72} [2012.07.02 08:53:36 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{2DB8953B-3564-465A-B240-73BF60AE6AC5} [2012.07.01 16:57:25 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{A5B3219B-2748-431A-A6A7-C133DE010E6E} [2012.07.01 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{133EB800-E501-4628-9C79-B586D6EA191C} [2012.06.30 14:16:48 | 000,000,000 | ---D | C] -- C:\Users\******i\Documents\Citavi 3 [2012.06.30 13:17:24 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{2FB837B5-FC8E-4C68-B2F2-B1C25A65E823} [2012.06.30 13:16:56 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{86877870-260D-4603-B7FD-C3918D145757} [2012.06.30 01:16:22 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{C31D0D61-1D0E-4D18-A525-5B0B43D91D06} [2012.06.30 01:15:49 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{76AA047B-D4B3-4D5E-9F28-EA6EA5619B2B} [2012.06.29 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{6C16CD26-7565-4D28-80DF-3B37310AF46F} [2012.06.29 10:56:31 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{4DD201F5-C493-4195-AE45-A1A98A1AB74B} [2012.06.28 12:08:32 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{EF8B2FE9-0B2D-452C-88AF-1B09FE8AF32C} [2012.06.28 12:07:50 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{A4129C6D-4B87-4F60-91D1-89B774A2F1D5} [2012.06.27 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{E0F39080-213C-46C6-B2BA-ECA6C4F25288} [2012.06.27 10:05:22 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{7ACC9CB9-8891-4FC6-BEBC-00230541EFC4} [2012.06.27 10:04:54 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{C85C2872-F2C2-4C86-B57D-94E53C499D77} [2012.06.26 21:50:12 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{F72D7F94-8DFA-4FF0-8024-907D1D33D811} [2012.06.26 21:49:30 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{1512870A-F508-4FBB-81F2-C19791294DCF} [2012.06.26 09:48:58 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{763BB805-8CFD-4AEB-B8A1-103FC59E2D7D} [2012.06.26 09:48:26 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{7AB2E7AB-8C4B-4908-B1D9-874CCEB88278} [2012.06.25 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{A0A6FAFE-6C6D-41A3-A6D5-52BB3963F49E} [2012.06.25 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{67581415-3BB7-47E4-9B8D-91FD6D768159} [2012.06.25 08:57:48 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{0F6B89AE-9DD5-41DC-BA26-4D957C92A2CB} [2012.06.25 08:57:20 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{8DA2D7C0-C73B-4BD3-B5E5-50954433CF34} [2012.06.24 12:54:56 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{C4DD2F0B-C52B-4A5F-A7FE-A49A05A3AF51} [2012.06.24 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{0A62DA1F-5770-41C0-983D-EEB8F01F8043} [2012.06.24 00:54:12 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{CEECFDA0-E0BF-434B-897E-0C2B1F837CB2} [2012.06.23 21:58:45 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1 [2012.06.23 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guitar Explorer 1.0 [2012.06.23 21:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Explorer 1.0 [2012.06.23 21:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Explorer [2012.06.23 12:53:41 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{BF694A5C-3A6E-411D-928A-7EB5EAC4BC6D} [2012.06.23 12:52:38 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{0990C089-42FE-40A6-A574-EDBCE32BFD5C} [2012.06.22 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{365477CE-A842-41B1-8426-B64EE852C3C6} [2012.06.22 11:22:12 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{8239EA49-BF25-49EA-8589-A8C5ED0E985C} [2012.06.21 19:48:25 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{D9AA6171-098D-44CA-84B4-CAB2AE3B8F6F} [2012.06.21 19:48:14 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{D6B88E1B-5403-44DC-8E8F-09F19AB8912E} [2012.06.21 18:40:48 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.21 18:40:48 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.21 18:40:48 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.21 18:40:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.21 18:40:28 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.21 18:40:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.21 18:39:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.21 18:39:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.21 07:47:46 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{8213E696-50CB-4A34-A9C5-B95E481D42E4} [2012.06.20 18:18:13 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{20CE4953-1FD5-4902-B88B-9242C6B0D9D0} [2012.06.20 18:18:00 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{89D874A1-D4A6-44B3-86EA-207AE3C45AAB} [2012.06.19 22:51:08 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.06.19 22:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.06.19 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{899FF9D8-A21B-4909-A151-2CA627CF5712} [2012.06.19 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{C9FE1266-2405-4D8C-A0EC-0764C68AE716} [2012.06.19 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{612F60C0-E941-4F65-9075-AA407BEA9F12} [2012.06.19 12:46:37 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{752CA206-4EB8-489E-A1D0-C43D19544DC4} [2012.06.18 06:26:32 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{ACC04C2F-B7A6-44EF-AB35-C0E736B70902} [2012.06.17 02:36:28 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{4236B12C-E933-4C13-8B23-33933397823A} [2012.06.15 22:38:23 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{4D97F249-3676-4DF6-B41C-7D97BE359089} [2012.06.15 01:01:51 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{93BF5717-9B1C-4C9B-8B7E-C2C88A2F1F15} [2012.06.15 01:01:41 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{7E47FD0C-93A4-4A7E-AC31-534603ADC8DE} [2012.06.14 11:46:31 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.14 11:46:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 11:46:07 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.14 11:45:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.14 11:45:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.14 11:45:52 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.14 11:45:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.14 11:45:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.14 11:45:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.14 11:45:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.14 11:45:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.14 11:45:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.14 11:45:27 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.14 11:45:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.14 11:45:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.14 11:45:12 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.14 11:44:55 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.14 11:44:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.14 11:35:07 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{0CBA71CC-2CBB-4DCA-9A7D-C11D7C5E1056} [2012.06.14 11:34:55 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{7437369E-2156-44D4-8A63-BEFFCDF29E0C} [2012.06.13 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{0844FF47-1956-47EF-870B-6BD380AFF557} [2012.06.13 15:24:12 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{0A7BE22F-581C-4185-B5EA-29EFAA0D4CA0} [2012.06.12 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{27689B1F-E063-4C7C-8C58-4D444A9B50CE} [2012.06.12 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{09CFFB43-F818-4FA3-86DD-D2AD9782700C} [2012.06.12 08:12:10 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{F0586DB4-B649-4C30-B7D6-D514BBC0A5AF} [2012.06.12 08:12:01 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{81EA55FA-39DD-4A81-955C-DF9E4004EEC3} [2012.06.11 12:17:23 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{E24A738E-CACA-406D-BFF1-6CC4BBF28869} [2012.06.11 12:17:11 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{70057184-44D2-4CA5-8A90-9ECD8E9BF9CE} [2012.06.11 08:22:03 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{C6260C9A-96DD-43B8-A478-CA5E0C39B3FA} [2012.06.11 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{57044225-8034-42F3-B1E7-F6A8FE8EF128} [2012.06.11 00:19:01 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{ADEAA00D-9351-465C-AFDE-124D7CBBEFE8} [2012.06.11 00:18:43 | 000,000,000 | ---D | C] -- C:\Users\******i\AppData\Local\{A9C3E3EB-E4D3-4AB5-8FFF-A8CC77FDF42E} [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\******i\Documents\*.tmp files -> C:\Users\******i\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.10 14:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.10 14:12:13 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2012.07.10 13:17:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 13:17:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 12:58:07 | 000,000,524 | ---- | M] () -- C:\Users\******i\Desktop\spywareDoctor9setup.exe.lnk [2012.07.10 12:49:43 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.10 12:49:43 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.10 12:49:43 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.10 12:49:43 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.10 12:49:43 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.10 12:49:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.10 12:45:20 | 000,000,733 | ---- | M] () -- C:\Users\******i\Desktop\Resume OTC download.lnk [2012.07.10 02:30:03 | 000,694,354 | ---- | M] () -- C:\Users\******i\Documents\PersönlichkeitspsychologieZusammenfassung.odt [2012.07.10 02:29:40 | 000,063,369 | ---- | M] () -- C:\Users\******i\Documents\ICF-Modell.png [2012.07.10 01:19:26 | 000,000,162 | -H-- | M] () -- C:\Users\******i\Documents\~$rsönlichkeitspsychologieZusammenfassung.odt [2012.07.09 21:10:50 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.07.09 09:49:28 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.08 21:26:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.08 20:05:08 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.07.08 20:05:07 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job [2012.07.08 20:05:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.08 01:12:44 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.07 22:24:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.07.03 15:12:33 | 000,004,636 | ---- | M] () -- C:\Users\******i\Documents\vklastfm.playlist [2012.07.02 00:31:58 | 001,746,322 | ---- | M] () -- C:\Users\******i\Documents\PsychiatriePrüfung2.pdf [2012.06.30 14:05:26 | 000,336,905 | ---- | M] () -- C:\Users\******i\Documents\nalogi.pdf [2012.06.30 11:18:44 | 003,516,152 | ---- | M] () -- C:\Users\******i\Documents\PsychiatriePrüfung.odt [2012.06.28 12:50:12 | 000,084,276 | ---- | M] () -- C:\Users\******i\Documents\Psychiatrie2.odt [2012.06.24 19:09:35 | 001,558,698 | ---- | M] () -- C:\Users\******i\Documents\PsychiatriePrüfung.pdf [2012.06.23 21:13:42 | 000,000,859 | ---- | M] () -- C:\Users\******i\Desktop\Guitar Explorer.lnk [2012.06.21 13:12:42 | 000,171,131 | ---- | M] () -- C:\Users\******i\Documents\Zwangsmassnahmen_und_Gewalt_in_der_Psychiatrie.pdf [2012.06.20 00:53:36 | 000,021,359 | ---- | M] () -- C:\Users\******i\Documents\mein protokoll.odt [2012.06.20 00:24:52 | 000,078,042 | ---- | M] () -- C:\Users\******i\Documents\Protokoll Kant Nr.4.pdf [2012.06.19 17:02:02 | 000,095,897 | ---- | M] () -- C:\Users\******i\Documents\Präsentation, Autonomie2.pdf [2012.06.19 01:34:54 | 000,014,729 | ---- | M] () -- C:\Users\******i\Documents\a.odt [2012.06.18 08:14:29 | 000,075,760 | ---- | M] () -- C:\Users\******i\Documents\HandoutAngst.pdf [2012.06.18 08:14:14 | 000,029,484 | ---- | M] () -- C:\Users\******i\Documents\HandoutAngst.odt [2012.06.18 00:36:37 | 000,027,512 | ---- | M] () -- C:\Users\******i\Documents\aaa.odt [2012.06.17 23:34:53 | 002,423,115 | ---- | M] () -- C:\Users\******i\Documents\Ansgstreferat_KOMPLETT.odp [2012.06.17 12:33:41 | 002,418,848 | ---- | M] () -- C:\Users\******i\Documents\Angstreferat.odp [2012.06.17 11:09:44 | 000,079,617 | ---- | M] () -- C:\Users\******i\Documents\BSu2A.png [2012.06.17 11:04:27 | 000,060,528 | ---- | M] () -- C:\Users\******i\Documents\BSU1a.png [2012.06.16 16:36:56 | 000,094,121 | ---- | M] () -- C:\Users\******i\Documents\BSU4.png [2012.06.16 16:27:54 | 000,093,887 | ---- | M] () -- C:\Users\******i\Documents\BSU3.png [2012.06.16 16:14:07 | 000,101,349 | ---- | M] () -- C:\Users\******i\Documents\BSU2.png [2012.06.16 15:58:07 | 000,124,572 | ---- | M] () -- C:\Users\******i\Documents\BSU1.png [2012.06.16 15:42:41 | 000,027,877 | ---- | M] () -- C:\Users\******i\Documents\BSU_Petermann_D7.pdf [2012.06.16 15:35:33 | 000,025,969 | ---- | M] () -- C:\Users\******i\Documents\D.odt [2012.06.15 22:56:51 | 000,000,162 | -H-- | M] () -- C:\Users\******i\Documents\~$D.odt [2012.06.15 00:59:37 | 000,304,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 15:45:46 | 000,071,052 | ---- | M] () -- C:\Users\******i\Documents\Präsentation, Autonomie 2.pdf [2012.06.14 15:42:05 | 000,027,516 | ---- | M] () -- C:\Users\******i\Documents\Präsentation, Autonomie.odt [2012.06.12 13:21:19 | 000,020,899 | ---- | M] () -- C:\Users\******i\Documents\diagnostik.odt [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\******i\Documents\*.tmp files -> C:\Users\******i\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.10 12:45:20 | 000,000,733 | ---- | C] () -- C:\Users\******i\Desktop\Resume OTC download.lnk [2012.07.10 01:19:26 | 000,000,162 | -H-- | C] () -- C:\Users\******i\Documents\~$rsönlichkeitspsychologieZusammenfassung.odt [2012.07.09 21:10:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.07.09 09:49:28 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.09 09:49:28 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.08 21:26:54 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.08 20:05:07 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job [2012.07.08 20:00:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.08 18:14:54 | 000,000,524 | ---- | C] () -- C:\Users\******i\Desktop\spywareDoctor9setup.exe.lnk [2012.07.08 01:12:44 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.05 17:54:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.02 00:31:52 | 001,746,322 | ---- | C] () -- C:\Users\******i\Documents\PsychiatriePrüfung2.pdf [2012.06.30 14:05:26 | 000,336,905 | ---- | C] () -- C:\Users\******i\Documents\nalogi.pdf [2012.06.27 01:19:46 | 000,694,354 | ---- | C] () -- C:\Users\******i\Documents\PersönlichkeitspsychologieZusammenfassung.odt [2012.06.26 00:32:16 | 000,084,276 | ---- | C] () -- C:\Users\******i\Documents\Psychiatrie2.odt [2012.06.24 19:09:28 | 001,558,698 | ---- | C] () -- C:\Users\******i\Documents\PsychiatriePrüfung.pdf [2012.06.23 21:13:42 | 000,000,859 | ---- | C] () -- C:\Users\******i\Desktop\Guitar Explorer.lnk [2012.06.23 19:28:42 | 003,516,152 | ---- | C] () -- C:\Users\******i\Documents\PsychiatriePrüfung.odt [2012.06.23 19:27:07 | 000,063,369 | ---- | C] () -- C:\Users\******i\Documents\ICF-Modell.png [2012.06.21 13:12:42 | 000,171,131 | ---- | C] () -- C:\Users\******i\Documents\Zwangsmassnahmen_und_Gewalt_in_der_Psychiatrie.pdf [2012.06.20 00:24:49 | 000,078,042 | ---- | C] () -- C:\Users\******i\Documents\Protokoll Kant Nr.4.pdf [2012.06.19 17:02:00 | 000,095,897 | ---- | C] () -- C:\Users\******i\Documents\Präsentation, Autonomie2.pdf [2012.06.18 08:11:24 | 000,075,760 | ---- | C] () -- C:\Users\******i\Documents\HandoutAngst.pdf [2012.06.18 00:36:35 | 000,027,512 | ---- | C] () -- C:\Users\******i\Documents\aaa.odt [2012.06.17 23:55:57 | 000,029,484 | ---- | C] () -- C:\Users\******i\Documents\HandoutAngst.odt [2012.06.17 21:09:56 | 002,423,115 | ---- | C] () -- C:\Users\******i\Documents\Ansgstreferat_KOMPLETT.odp [2012.06.17 12:33:38 | 002,418,848 | ---- | C] () -- C:\Users\******i\Documents\Angstreferat.odp [2012.06.17 11:09:44 | 000,079,617 | ---- | C] () -- C:\Users\******i\Documents\BSu2A.png [2012.06.17 11:04:27 | 000,060,528 | ---- | C] () -- C:\Users\******i\Documents\BSU1a.png [2012.06.16 16:36:56 | 000,094,121 | ---- | C] () -- C:\Users\******i\Documents\BSU4.png [2012.06.16 16:27:54 | 000,093,887 | ---- | C] () -- C:\Users\******i\Documents\BSU3.png [2012.06.16 16:14:07 | 000,101,349 | ---- | C] () -- C:\Users\******i\Documents\BSU2.png [2012.06.16 15:58:07 | 000,124,572 | ---- | C] () -- C:\Users\******i\Documents\BSU1.png [2012.06.16 15:42:41 | 000,027,877 | ---- | C] () -- C:\Users\******i\Documents\BSU_Petermann_D7.pdf [2012.06.15 22:56:51 | 000,000,162 | -H-- | C] () -- C:\Users\******i\Documents\~$D.odt [2012.06.15 19:28:42 | 000,025,969 | ---- | C] () -- C:\Users\******i\Documents\D.odt [2012.06.14 15:45:44 | 000,071,052 | ---- | C] () -- C:\Users\******i\Documents\Präsentation, Autonomie 2.pdf [2012.06.14 00:57:38 | 000,027,516 | ---- | C] () -- C:\Users\******i\Documents\Präsentation, Autonomie.odt [2012.06.12 17:34:37 | 000,021,359 | ---- | C] () -- C:\Users\******i\Documents\mein protokoll.odt [2012.06.12 13:14:03 | 000,020,899 | ---- | C] () -- C:\Users\******i\Documents\diagnostik.odt [2012.06.10 18:48:20 | 000,014,729 | ---- | C] () -- C:\Users\******i\Documents\a.odt [2011.12.09 11:14:38 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.24 22:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.24 22:29:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.09.24 22:28:28 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010.09.24 22:28:28 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2010.09.24 22:26:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.07.20 13:47:35 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.07.20 12:57:16 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.07.20 11:16:40 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini ========== LOP Check ========== [2012.03.12 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Belastingdienst [2011.10.06 15:40:13 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.06.23 21:58:45 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1 [2012.07.09 00:23:15 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\convert [2012.07.03 22:27:44 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Downloaded Installations [2011.12.12 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\DVDVideoSoft [2011.12.12 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.10 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\foobar2000 [2012.07.09 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\loadtbs [2012.07.06 20:03:44 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Nitro PDF [2011.10.20 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\OpenOffice.org [2012.04.07 20:11:08 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Opera [2012.07.10 01:19:28 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\SoftGrid Client [2012.06.30 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Swiss Academic Software [2012.07.08 21:17:15 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\TeamViewer [2012.07.08 18:14:52 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\TestApp [2011.10.15 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Tific [2011.12.09 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\TP [2012.05.29 18:32:06 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\VKDJ [2012.04.24 12:27:42 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Windows Live Writer [2012.07.09 09:59:15 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\Yandex [2011.10.06 15:40:55 | 000,000,000 | ---D | M] -- C:\Users\******i\AppData\Roaming\_MDLogs [2012.07.08 20:05:07 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job [2012.06.11 00:17:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.02.26 11:40:53 | 000,269,204 | ---- | M] ()(C:\Users\******i\Documents\gesamt ??????????.pdf) -- C:\Users\******i\Documents\gesamt пуыуенигср.pdf [2012.02.26 11:40:53 | 000,269,204 | ---- | C] ()(C:\Users\******i\Documents\gesamt ??????????.pdf) -- C:\Users\******i\Documents\gesamt пуыуенигср.pdf ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp  FC5A2B2< End of report > Extras.txt: OTL Extras logfile created on: 10.07.2012 14:21:37 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 3,08 Gb Available Physical Memory | 82,37% Memory free 7,49 Gb Paging File | 6,86 Gb Available in Paging File | 91,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,01 Gb Total Space | 136,32 Gb Free Space | 48,34% Space Free | Partition Type: NTFS Drive D: | 15,78 Gb Total Space | 2,28 Gb Free Space | 14,42% Space Free | Partition Type: NTFS Drive E: | 3,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 14,90 Gb Total Space | 14,41 Gb Free Space | 96,71% Space Free | Partition Type: FAT32 Computer Name: ****** | User Name: ****** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-312950599-2391981125-4048363924-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B10A70-CF7C-418F-B936-C7B33996872B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{02316F2C-3DF9-4618-823A-FAB359E7C2D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{0909953D-D91A-4FD4-A975-A0C77BDC07F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0B19F299-A8D0-4AE6-9200-F169496E534B}" = lport=139 | protocol=6 | dir=in | app=system | "{18B247C6-4D2D-4FCB-9267-31ED18944C88}" = rport=137 | protocol=17 | dir=out | app=system | "{24AB3EEA-A565-493E-8AAE-6F8B92EDD565}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2729E456-22D2-44F1-B8B4-19D14C54A575}" = rport=138 | protocol=17 | dir=out | app=system | "{2D9A6FFA-D37B-4A38-9D31-9F5DB6C6A0DA}" = lport=137 | protocol=17 | dir=in | app=system | "{3295057E-69C8-4844-AA89-21472A688479}" = lport=138 | protocol=17 | dir=in | app=system | "{48AE3184-ED5A-4260-8F14-9DAB85250EB0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{563E5D2A-110E-420D-9206-1E6ED5048356}" = rport=139 | protocol=6 | dir=out | app=system | "{5D55AB86-E14E-452E-BA2B-C9F3228C7B97}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{619F0587-4704-43A0-B700-68498110D15C}" = rport=10243 | protocol=6 | dir=out | app=system | "{65DD33CE-B428-4E53-B0C4-F20652076814}" = rport=445 | protocol=6 | dir=out | app=system | "{6DA7D441-04E3-4B5B-BD7D-98D43332D911}" = lport=445 | protocol=6 | dir=in | app=system | "{7263EAAC-53C6-4243-A8F7-2D387BC4AAA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{97B698A6-E354-4ACB-88B7-B7637762F2F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A42D4EDE-E3DC-4098-9530-881F150E99B9}" = lport=2869 | protocol=6 | dir=in | app=system | "{AD4E866B-20AB-440C-9DC1-6638AB7737A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B9DC32B3-8653-4977-8C6A-82E9C27EE472}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BCC55534-2A0C-4831-BDC1-BE16E4C41DAB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C147FACB-9E78-4054-B77A-3B6FBE6362F9}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5F7CE67-2D88-4D54-B2A3-CF8DA68A85E7}" = lport=10243 | protocol=6 | dir=in | app=system | "{DD75BAF6-12C6-4014-B8D3-AF56DEC10FDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E4EB227D-FECE-4B16-B5EF-5B6094128DE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06724E63-DF93-4316-AB91-EB897DBBB37A}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{083B0C28-C040-46C5-9B44-EE0319C222AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{10408137-9C88-408C-AB3D-86C2CA544EBE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{2498C2AC-BA44-43B3-BF34-AA8EBC86F42B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{291F3A08-BEA1-4E5B-9437-5F4F1BD012D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32BF9054-91EA-4F2F-BCD8-AACE8DC44745}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{37F287EA-C5A9-4A5C-9305-5AB826F6F813}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{380C6C89-0B9B-4EC0-BDA7-7708CF4DF3DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3DBED004-7C19-4188-A227-DCDF70F228F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4774B65E-2DA3-4BC2-927F-CFC880B5A9A4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{48297EDF-1A5E-41D5-A85F-6E553CF5225F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60542C29-B614-475C-90E7-1A277C071BCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6A5DAB6A-13DE-4AFB-B309-DED3C004938B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FCAB492-1338-4EA4-B0BF-8E5C46F88511}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B8FF0CB-E011-4AB0-880C-0B574A43C19B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7DCAD77A-A4DF-4DAC-9294-ECF661D6E19F}" = protocol=6 | dir=out | app=system | "{8C699C97-B6B7-43EB-B266-3F2F6581CC79}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{8CA8C8F2-4050-438A-84F9-A5B344119F3E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{90CC2AE1-72D4-4AAC-AD88-27DAA1894D12}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4F255B4-5334-4BDE-AD93-4C68829A3B64}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BF3E137B-B292-4755-A731-1538A74886D1}" = protocol=6 | dir=in | app=e:\alicecd.exe | "{CE22A2CE-C2CB-4BBA-91C2-0A841DF1E9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D34655F5-4EA4-4A23-8252-01065633CD0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D40E8E0F-9B1F-47FE-A023-6F86326377D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E32D84F7-7242-43A7-9D73-13AC3323422D}" = protocol=17 | dir=in | app=e:\alicecd.exe | "{EFF22BD2-1499-4024-93DE-B5A2E99145A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F255A92D-E899-4065-AC5F-ACFBF8E3EB35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F836EC9D-071B-4C40-8EF1-A0BA0E30A2C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FA3FB06A-F0FC-403A-AB07-31D56DFC2F5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{42081A74-B2BB-B64E-ABF5-9CEE13974355}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E0A6C0AA-8580-82CF-3D5F-5F32F8DE9A01}" = ccc-utility64 "{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "R for Windows 2.15.0_is1" = R for Windows 2.15.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{093B1CF6-C00F-BD98-A8B7-C20D0AB36074}" = Catalyst Control Center Graphics Light "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D901B50-9D9C-64A2-136E-7CC4DD9FBDB4}" = CCC Help German "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{303D7F80-2108-9679-149F-64A7AEF13C26}" = CCC Help Czech "{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3B7301EA-5833-CDAC-E4A4-6442EEDEBD87}" = CCC Help Korean "{3CD48ADA-3A4F-999C-2BAA-64DF229FF839}" = CCC Help Turkish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{553EFB44-564E-2F68-9A24-A59765B81000}" = CCC Help Russian "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{590E3295-A11B-4C9F-9F88-399397EE393D}" = YouTube Downloader Toolbar v6.0 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{671BF921-422D-BA7E-5158-5264ACE51C9D}" = CCC Help Portuguese "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{7A65C27A-830B-77E6-43D1-52F236AF9A16}" = CCC Help Greek "{7F75DDF4-09D6-7ED2-8DA9-61F0B57FCF81}" = CCC Help Dutch "{8064A439-ACA7-3E32-3630-FC22155FEB4E}" = CCC Help English "{810005FC-9F35-5EAB-1479-B1E7DEAB44D5}" = CCC Help Norwegian "{820F8A24-8C77-3B64-D90A-C23D211BEDA9}" = Catalyst Control Center Graphics Previews Common "{825C4BE0-5C73-4B05-A0BC-CB16F0C100D3}" = HP Software Framework "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89C0094C-9508-6BE5-8445-4ADDC9BD2681}" = CCC Help Italian "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DAD8A5E-6B6A-C4DC-D2A7-02CD66702F31}" = Catalyst Control Center Core Implementation "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EEA74DA-5E7E-5E51-817C-FFAEACEBF3B3}" = CCC Help Chinese Traditional "{8F8EDCB5-1042-4598-D413-1DD04FC7EA27}" = CCC Help Hungarian "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{96EB53BC-8225-A97A-FF5C-B33F85DD5B86}" = CCC Help French "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DBDA769-3D13-095F-77BA-35AED9D54D4C}" = CCC Help Thai "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB418F5A-4AB2-999B-19EA-8BB9C311B70C}" = Catalyst Control Center Graphics Full Existing "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation "{BCE6F36E-4FA9-C700-CA8F-04EE0702FB32}" = CCC Help Spanish "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5755376-76B8-52F7-7357-3E7CA61C7168}" = CCC Help Finnish "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CA12CCA6-A4C8-5796-C29E-4ADA9E5DE596}" = Catalyst Control Center Graphics Previews Vista "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE0F869E-2504-4F92-2BD2-DD996E7010B7}" = CCC Help Danish "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2CB8122-63AF-D5C8-299F-C67A1EF343C3}" = CCC Help Polish "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DEEF336C-5C79-3846-7AD1-7693CCA99659}" = CCC Help Chinese Standard "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E103722E-7E7F-5783-3685-DE7370908470}" = Catalyst Control Center InstallProxy "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6E7A082-A47D-7059-ACBD-36FDA02695EC}" = Catalyst Control Center Graphics Full New "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EF83E9E7-FFE9-B86A-94C9-95D8F5EF2320}" = Catalyst Control Center Localization All "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0CDD8A0-5E3B-F975-AA54-C725477E5067}" = ccc-core-static "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD71BC19-4A59-75F5-E4EF-4AEC3E6BF12E}" = CCC Help Japanese "{FEC06A8C-01A7-5CF5-923F-CD2D34229E4B}" = CCC Help Swedish "7-Zip" = 7-Zip 9.20 "Aangifte voor buitenlandse belastingplichtigen 2011" = Aangifte voor buitenlandse belastingplichtigen 2011 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "avast" = avast! Free Antivirus "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "EasyBits Magic Desktop" = Magic Desktop "foobar2000" = foobar2000 v1.1.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "Guitar Explorer 1.0" = Guitar Explorer 1.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "LastFM_is1" = Last.fm 1.5.4.27091 "loadtbs-2.1" = loadtbs-2.1 "loadtbs-3.0" = loadtbs-3.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "My HP Game Console" = HP Game Console "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "VkontakteDJ" = VkontakteDJ "VLC media player" = VLC media player 1.1.11 "Wajam" = Wajam "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-Bit) "WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-312950599-2391981125-4048363924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.05.2012 07:44:00 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 01.05.2012 07:44:21 | Computer Name = ****** | Source = Microsoft Office 14 | ID = 2001 Description = Error - 01.05.2012 08:50:41 | Computer Name = ****** | Source = Microsoft Office 14 | ID = 2001 Description = Error - 01.05.2012 08:55:44 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 01.05.2012 09:17:01 | Computer Name = ****** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.0\Tcl\bin64\tk85.dll" in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.05.2012 16:11:23 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 01.05.2012 16:11:32 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 01.05.2012 16:16:16 | Computer Name = ****** | Source = CVHSVC | ID = 100 Description = Nur zur Information. Too many failures while downloading ranges: 2 Error - 01.05.2012 16:19:28 | Computer Name = ****** | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error - 01.05.2012 16:21:31 | Computer Name = ****** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . [ Hewlett-Packard Events ] Error - 29.10.2011 11:13:21 | Computer Name = ****** | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/c875a3f4_416b_484b_8ff9_f9da4ead572f/jblxp5kz25frzjlnvolouitf_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) Error - 07.01.2012 20:36:46 | Computer Name = ****** | Source = HPSF.exe | ID = 4000 Description = Error - 08.06.2012 10:08:55 | Computer Name = ****** | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/6f4e4b98_edd9_4b67_b468_748583fe0381/wnjwhzd8qkpv+7pb09qpsvjj_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String) Error - 07.07.2012 18:37:42 | Computer Name = ****** | Source = HPSFMsgr.exe | ID = 2000 Description = [ HP Wireless Assistant Events ] Error - 06.10.2011 09:57:53 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 06.10.2011 09:59:01 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 06.10.2011 10:00:09 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 06.10.2011 10:01:16 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 06.10.2011 10:02:24 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 06.10.2011 10:03:32 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 12.05.2012 20:48:28 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 07.07.2012 18:38:44 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 07.07.2012 18:38:44 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Exception Register() failed : e_GENERAL_EXCEPTION bei HP_Common.CaslWrapper.Register(EventArrivedEventHandler handler) bei HPPA_Service.CurrentConfiguration..ctor() Error - 07.07.2012 18:38:55 | Computer Name = ****** | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() [ System Events ] Error - 10.07.2012 08:19:50 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:21:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:21:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:21:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:26:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:26:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:26:56 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:29:04 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:29:04 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.07.2012 08:29:04 | Computer Name = ****** | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Vielen Dank für eure Hilfe! |
|
11.07.2012, 01:00
| #2 |
| /// Malware-holic   | WIN 7 Home Premium GVU Trojaner mit Webcam-Bild hi
__________________was hast du mit hjt gefixt, das sollte man nicht tun, wenn man nicht weis was man da macht. klicke auf misk sektions, backups poste was du da entfernt hast außerdem: für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel
__________________ |
|
| Themen zu WIN 7 Home Premium GVU Trojaner mit Webcam-Bild |
| 7-zip, alternate, auswerten, avg secure search, avg security toolbar, avira, avira searchfree toolbar, bingbar, browser, browser.exe, cid, converter, diner dash, downloader, error, firefox, flash player, google, hijack, hijack this, home, install.exe, launch, loadtbs-3.0, logfile, microsoft office starter 2010, mp3, plug-in, problem, programm, realtek, richtlinie, scan, searchscopes, secure search, security, software, svchost.exe, trojaner, usb 2.0, vtoolbarupdater, windows, youtube downloader |
Linear-Darstellung
