| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "MyStart by Incredibar" entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.07.2012, 14:25
| #1 |
| |  "MyStart by Incredibar" entfernen Hallo liebe Community, ich habe mir vorkurzem diese überflüssige Toolbar von MyStart eingefangen und werde sie alleine nicht mehr los. Bis jetzt habe ich alles mit dem Namen "Incredibar" oder "MyStart" und was offensichtlich sichbar war über die Systemsteuerung gelöscht. Meine Browser werden leider immer noch davon beeinflusst. Das einzige Vorkommen ist, wenn ich einen neuen Tab öffne, dann erscheint anstatt der Startseite diese Toolbar und die soll weg. Ich habe mir bereits eure Regeln und Beiträge durchgelesen, aber ab einem gewissen Punkt, wird die Beratung sehr maßgeschneidert, desswegen erstelle ich diesen neuen Beitrag. Bis jetzt habe ich die von euch vorgeschlagenen Programme runtergeladen und die Scanns gestartet. Die Log-Files dazu s.u. Ich hoffe ihr könnt auch mir helfen. Im Voraus schonmal vielen Dank an euch Profis  MfG MK AdwCleaner[R1].txt: Code:
ATTFilter A# AdwCleaner v1.703 - Logfile created 07/20/2012 at 19:14:41
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : MK-ASUS - MK-ASUS-PC
# Running from : E:\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
Folder Found : C:\Users\MK-ASUS\AppData\LocalLow\Incredibar.com
Folder Found : C:\Users\MK-ASUS\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files (x86)\SweetIM
File Found : C:\Users\MK-ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\76ry637e.default\searchplugins\MyStart Search.xml
File Found : C:\Users\MK-ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\76ry637e.default\searchplugins\SweetIm.xml
***** [Registry] *****
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb139?a=6PQCdZRFR3&i=26
-\\ Mozilla Firefox v12.0 (de)
Profile name : default
File : C:\Users\MK-ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\76ry637e.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6PQCdZRFR3&loc=FF_NT");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10669");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "0BE9D29A08051BDEE6C785E75DD9B082");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "b88e4380000000000000f46d04e315e7");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15523");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1410:14:39");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "123%5F1");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 79776921);
Found : user_pref("extensions.incredibar.prtkHmpg", 1);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCdZRFR3&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQCdZRFR3");
Found : user_pref("extensions.incredibar.upn2n", "92543159854761605");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1410:14:39");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10669");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "b88e4380000000000000f46d04e315e7");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15523");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "123%5F1");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQCdZRFR3&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQCdZRFR3");
Found : user_pref("extensions.incredibar_i.upn2n", "92543159854761605");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1410:14:39");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQCdZRFR3&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v18.0.1025.162
File : C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "description": "SweetIm for Facebook",
Found : "name": "SweetIM for Facebook",
Found : "homepage": "hxxp://mystart.incredibar.com/mb139?a=6PQCdZRFR3&i=26",
*************************
AdwCleaner[R1].txt - [7966 octets] - [20/07/2012 19:14:41]
########## EOF - C:\AdwCleaner[R1].txt - [8094 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.21.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MK-ASUS :: MK-ASUS-PC [Administrator] Schutz: Aktiviert 21.07.2012 13:57:28 mbam-log-2012-07-21 (13-57-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206651 Laufzeit: 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 21.07.2012 14:21:31 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = E:\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 76,78% Memory free 15,95 Gb Paging File | 14,02 Gb Available in Paging File | 87,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 19,22 Gb Free Space | 34,44% Space Free | Partition Type: NTFS Drive D: | 244,14 Gb Total Space | 218,34 Gb Free Space | 89,43% Space Free | Partition Type: NTFS Drive E: | 585,94 Gb Total Space | 284,65 Gb Free Space | 48,58% Space Free | Partition Type: NTFS Drive F: | 387,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MK-ASUS-PC | User Name: MK-ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.21 14:17:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.11 11:53:36 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\MK-ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.05.14 15:31:16 | 000,094,408 | ---- | M] () -- D:\Allway Sync\Bin\syncappw.exe PRC - [2012.05.14 14:46:14 | 000,182,784 | ---- | M] () -- D:\Allway Sync\Bin\SyncService.exe PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2010.12.07 16:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2010.12.02 10:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.10 11:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.10.12 16:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe PRC - [2010.09.24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- D:\VPN\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012.05.14 15:31:16 | 000,094,408 | ---- | M] () -- D:\Allway Sync\Bin\syncappw.exe MOD - [2012.05.14 14:45:54 | 007,793,664 | ---- | M] () -- D:\Allway Sync\Bin\syncapp.dll MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2010.12.30 22:15:40 | 001,656,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll MOD - [2010.12.03 16:12:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll MOD - [2010.12.02 17:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2010.12.01 12:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2010.11.19 10:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2010.11.19 10:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2010.10.15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2010.09.27 20:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2010.09.27 20:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2010.09.19 21:52:50 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll MOD - [2010.08.23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll MOD - [2010.08.06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2009.08.12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll MOD - [2009.05.21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll MOD - [2009.05.21 04:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.11 11:53:36 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.14 14:46:14 | 000,182,784 | ---- | M] () [Auto | Running] -- D:\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService) SRV - [2012.04.28 18:32:16 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2012.04.28 18:32:15 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.01.08 08:17:46 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- D:\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2010.12.28 00:27:52 | 051,727,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\VPN\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.04.29 15:51:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.11.22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2010.08.17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb139?a=6PQCdZRFR3&i=26 IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCdZRFR3&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQCdZRFR3&&i=26&search=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\VLC\npvlc.dll (VideoLAN) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.09 08:39:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Firefox\components [2012.07.18 16:40:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: D:\Thunderbird\components [2012.06.29 11:09:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: D:\Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Firefox\components [2012.07.18 16:40:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.06.29 11:09:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.04.28 13:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MK-ASUS\AppData\Roaming\mozilla\Extensions [2012.07.19 23:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MK-ASUS\AppData\Roaming\mozilla\Firefox\Profiles\76ry637e.default\extensions [2012.07.19 23:42:59 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\MK-ASUS\AppData\Roaming\mozilla\Firefox\Profiles\76ry637e.default\extensions\foxmarks@kei.com [2012.05.17 16:39:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MK-ASUS\AppData\Roaming\mozilla\Firefox\Profiles\76ry637e.default\extensions\ich@maltegoetz.de [2012.07.02 10:14:20 | 000,002,203 | ---- | M] () -- C:\Users\MK-ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\76ry637e.default\searchplugins\MyStart Search.xml [2012.06.03 13:41:22 | 000,003,915 | ---- | M] () -- C:\Users\MK-ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\76ry637e.default\searchplugins\sweetim.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://mystart.incredibar.com/mb139?a=6PQCdZRFR3&i=26 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = D:\Java\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = D:\VLC\npvlc.dll CHR - Extension: YouTube = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: SweetIM for Facebook = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: Google Mail = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: YouTube = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: SweetIM for Facebook = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: Google Mail = C:\Users\MK-ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [BCSSync] D:\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe Reader\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKCU..\Run: [Allway Sync] D:\Allway Sync\Bin\syncappw.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\MK-ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MK-ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38473F27-BB30-446E-8C57-E2D98BDBD9FD}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.30 13:09:27 | 000,000,044 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,000 | ---D | M] - G:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT) - G:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - G:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2011.11.23 18:38:29 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{700e0788-b916-11e1-ad5a-f46d04e308e3}\Shell - "" = AutoRun O33 - MountPoints2\{700e0788-b916-11e1-ad5a-f46d04e308e3}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{98ffc76e-91d8-11e1-8265-f46d04e315e7}\Shell - "" = AutoRun O33 - MountPoints2\{98ffc76e-91d8-11e1-8265-f46d04e315e7}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2011.11.23 18:38:29 | 006,567,544 | R--- | M] (UBISOFT) O33 - MountPoints2\{b2936b6a-9120-11e1-8699-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b2936b6a-9120-11e1-8699-806e6f6e6963}\Shell\AutoRun\command - "" = F:\START.EXE -- [2011.03.11 00:00:49 | 003,167,429 | R--- | M] (Macromedia, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.21 14:17:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe [2012.07.21 13:56:16 | 000,000,000 | ---D | C] -- C:\Users\MK-ASUS\AppData\Roaming\Malwarebytes [2012.07.21 13:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.21 13:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.21 13:56:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.21 13:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.20 19:27:20 | 000,000,000 | ---D | C] -- E:\Desktop\MyStartDreck [2012.07.16 12:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.02 10:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.07.02 10:14:49 | 000,000,000 | ---D | C] -- C:\Users\MK-ASUS\AppData\Roaming\pdfforge [2012.07.02 10:14:48 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.07.02 10:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.07.02 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion [2012.07.02 10:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate ========== Files - Modified Within 30 Days ========== [2012.07.21 14:17:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe [2012.07.21 14:16:06 | 000,000,128 | ---- | M] () -- C:\Users\MK-ASUS\defogger_reenable [2012.07.21 14:14:05 | 000,050,477 | ---- | M] () -- E:\Desktop\Defogger.exe [2012.07.21 13:56:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.21 13:09:02 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job [2012.07.21 13:01:07 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.21 13:01:07 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.21 13:01:07 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.21 13:01:07 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.21 13:01:07 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.21 12:59:08 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.21 12:59:08 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.21 12:54:08 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012.07.21 12:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.21 12:52:01 | 2129,211,391 | -HS- | M] () -- C:\hiberfil.sys [2012.07.16 12:53:49 | 000,000,561 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.13 07:19:30 | 000,362,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.09 08:39:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.07.03 16:31:53 | 000,005,472 | ---- | M] () -- C:\Users\MK-ASUS\AppData\Local\recently-used.xbel [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.03 10:10:46 | 000,013,168 | ---- | M] () -- E:\Desktop\Klausuren.ods [2012.07.02 10:17:11 | 000,109,897 | ---- | M] () -- E:\Desktop\Getriebe_020712Druck - Blatt1.pdf [2012.07.02 10:14:39 | 000,000,454 | ---- | M] () -- C:\user.js [2012.07.02 10:09:00 | 000,000,000 | ---- | M] () -- C:\Users\MK-ASUS\AppData\Local\Temptable.xml [2012.07.02 10:08:43 | 003,854,336 | ---- | M] () -- E:\Desktop\Getriebe_020712Druck.slddrw ========== Files Created - No Company Name ========== [2012.07.21 14:16:06 | 000,000,128 | ---- | C] () -- C:\Users\MK-ASUS\defogger_reenable [2012.07.21 14:14:05 | 000,050,477 | ---- | C] () -- E:\Desktop\Defogger.exe [2012.07.21 13:56:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.16 12:53:49 | 000,000,561 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.03 16:31:53 | 000,005,472 | ---- | C] () -- C:\Users\MK-ASUS\AppData\Local\recently-used.xbel [2012.07.03 10:10:41 | 000,013,168 | ---- | C] () -- E:\Desktop\Klausuren.ods [2012.07.02 10:17:10 | 000,109,897 | ---- | C] () -- E:\Desktop\Getriebe_020712Druck - Blatt1.pdf [2012.07.02 10:14:39 | 000,000,454 | ---- | C] () -- C:\user.js [2012.07.02 09:58:35 | 003,854,336 | ---- | C] () -- E:\Desktop\Getriebe_020712Druck.slddrw [2012.06.17 20:54:59 | 001,014,176 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.06.11 11:53:37 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.11 11:53:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.03 14:33:30 | 000,081,920 | ---- | C] () -- C:\Users\MK-ASUS\AppData\Roaming\chrtmp [2012.06.03 13:36:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2012.05.18 09:54:30 | 000,000,000 | ---- | C] () -- C:\Users\MK-ASUS\AppData\Local\Temptable.xml [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.05.07 19:11:35 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini [2012.05.06 23:53:35 | 000,000,369 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.04.28 18:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.04.28 17:17:25 | 000,000,352 | ---- | C] () -- C:\Users\MK-ASUS\AppData\Roaming\Network Meter_Settings.ini [2012.04.28 13:23:49 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll [2012.04.28 13:22:12 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.04.28 13:22:07 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.04.28 13:05:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.04.28 13:05:36 | 000,031,365 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.08.03 07:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys ========== LOP Check ========== [2012.04.29 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\DAEMON Tools Lite [2012.04.28 18:35:48 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\DassaultSystemes [2012.07.21 13:34:48 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\Dropbox [2012.06.10 13:31:26 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\EDrawings [2012.05.18 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\inkscape [2012.05.06 19:22:08 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\Kalypso Media [2012.07.02 10:14:49 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\pdfforge [2012.06.07 14:52:07 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\PersBackup5 [2012.06.11 11:53:35 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\PunkBuster [2012.06.12 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\SKAT [2012.06.07 15:07:49 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\Sync App Settings [2012.04.28 13:54:13 | 000,000,000 | ---D | M] -- C:\Users\MK-ASUS\AppData\Roaming\Thunderbird [2012.07.21 12:54:08 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job [2012.07.21 13:09:02 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job [2012.06.15 06:59:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.07.2012 14:21:31 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = E:\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 76,78% Memory free
15,95 Gb Paging File | 14,02 Gb Available in Paging File | 87,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 19,22 Gb Free Space | 34,44% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 218,34 Gb Free Space | 89,43% Space Free | Partition Type: NTFS
Drive E: | 585,94 Gb Total Space | 284,65 Gb Free Space | 48,58% Space Free | Partition Type: NTFS
Drive F: | 387,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 8,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MK-ASUS-PC | User Name: MK-ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0055388B-E4E4-4640-BA40-F66EBEE76C51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{02CD8F6C-E3B5-4ED3-ACB9-32362B1FC0ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B1F7A48-73B0-4A7D-A16B-9079D3779D25}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1DB9BC72-1B26-42D0-BA6A-0E06424551A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C9EB4E9-12FF-429E-ACC7-044575C85996}" = rport=137 | protocol=17 | dir=out | app=system |
"{2DDC4DBC-7E91-463E-A014-983E516DAB76}" = lport=10243 | protocol=6 | dir=in | app=system |
"{46D88111-69A1-4F6F-A5F2-A6F5220EEAEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{4741F485-7EF3-4B5F-92B7-5C857C0C9E85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C251000-2616-437A-B2CA-F0808D2CAE20}" = lport=137 | protocol=17 | dir=in | app=system |
"{5218F0CE-7C47-46B8-8077-6C935DB6E7C1}" = rport=138 | protocol=17 | dir=out | app=system |
"{533FB400-C83B-45B3-A830-B67E5C4752F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{563A4A0D-83B0-4BA3-8002-739F5EDA81D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CA2E2D8-78B9-440A-9990-A0B6151EFA64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BC3AB5C-4D94-479A-BF0F-A1CDC46B1A98}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A4198F6-6233-48D0-A1B7-37B939EB3EA0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2292163-5CCC-4D46-AE3B-17D497334488}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB6ABF09-0442-494B-8F85-0D46C3163254}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC21F6F8-FCF5-4799-A831-42092AC8A20B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCDD3DE9-9569-4B2A-B5AD-382031728C9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D5336439-2270-45D9-BF3F-7132B42ACF8E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E73EF0C8-F53C-40BD-A922-12D373EB28ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7BE7255-7B5D-46BC-98E9-603E1675F819}" = lport=139 | protocol=6 | dir=in | app=system |
"{F8CFFA35-C758-4664-9217-A0DC7ECEE2AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055DCACD-C8E4-4176-AE1F-AAAD2A8E2B1C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{076F3C38-4EB3-44E1-ABB0-90E579CEE1C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{0BDE5414-D4F4-4955-BBCB-2B241B06E95F}" = protocol=6 | dir=out | app=system |
"{126ECEB2-C4C0-4C80-9D78-5C2EBBE05CD4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13339433-83B3-415E-A36D-F618DF69034C}" = protocol=17 | dir=in | app=c:\users\mk-asus\appdata\roaming\dropbox\bin\dropbox.exe |
"{140E161F-41DF-493E-B184-6F3CE1D920B4}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{21FAEBF8-C148-4995-B8BB-81831B4F1114}" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"{222D6620-B645-4584-B991-85B32C5F9FF2}" = protocol=17 | dir=in | app=d:\solidworks\solidworks\photoview\photoview360_cl.exe |
"{24ACBD6B-90D8-408E-8D5E-E5C0D361FF96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2ABBE8A1-34C0-4E61-9516-D309F9D11AB8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{34461C0C-6B32-49CD-8978-E11B86C01483}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34C2511D-DD00-4BCC-8332-1EC0AF2FFFF2}" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"{3CF9CB21-F648-4A5B-ACA7-AE1CF1974236}" = protocol=6 | dir=in | app=d:\spiele\assassins creed\revelations\acrmp.exe |
"{4D96BB3F-9A4B-4744-9A87-7AD994111893}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EFCB85A-6737-4972-B75A-EB696205A7A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56B6A7B2-FA33-4BB5-B7C6-81053EE232DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59FF3073-2E38-4A37-8B19-2B8CA49E0153}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AF104E8-D3F0-42F4-83B2-7E50FE8223BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E5D639B-88FB-4FA6-8458-01F20F3BF579}" = protocol=6 | dir=in | app=d:\solidworks\solidworks\photoview\photoview360.exe |
"{65F3F517-C298-4DF4-B4A4-948F46D1B82A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FEF0DFC-1D39-4305-B4E4-5D2FC81C8754}" = protocol=17 | dir=in | app=d:\solidworks\solidworks\swscheduler\dtscoordinatorservice.exe |
"{7259B656-0AC9-48CB-82E3-FB8129B7B317}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8083053F-41E9-4352-A1EB-F42DD64D2C14}" = protocol=6 | dir=in | app=c:\users\mk-asus\appdata\roaming\dropbox\bin\dropbox.exe |
"{86B28784-B240-43FB-AF24-4972EC43B95F}" = protocol=6 | dir=in | app=d:\solidworks\solidworks\swscheduler\dtscoordinatorservice.exe |
"{89083881-7E9C-42B0-9FB4-6187B8B83F1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E93BF6C-021C-4505-B6B5-293F24071490}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8EDA7D42-E9B8-4892-8FA4-3713D2B771C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B297FFD-2D97-440B-9D93-C1F57141E33A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A641D23C-3FDB-4121-91D1-4A69E31F9128}" = protocol=17 | dir=in | app=d:\spiele\assassins creed\revelations\acrsp.exe |
"{AB1677C6-2E35-4E7F-AA75-81DB950835DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B440774B-5A37-4F4F-BA7D-6A64119939F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8591BBD-0960-467F-88AE-4574352EBEBA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BDD85A23-83CA-4F80-941C-EB695F9E1CF8}" = protocol=17 | dir=in | app=d:\spiele\assassins creed\revelations\assassinscreedrevelations.exe |
"{BE2E8FA1-3086-43F3-9A4C-A704441ABA77}" = protocol=17 | dir=in | app=d:\solidworks\solidworks\photoview\photoview360.exe |
"{C13B52B0-6FCD-4CC1-9678-608456469057}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C59F737E-B830-490B-B6E7-4BC7CA79CD42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6C9CDA3-A7A4-4134-8BFD-B598E8670C82}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CD31155D-6117-48EE-B341-C002EDCD8B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{CE371C6E-AE7E-44D7-9562-C16C0F15E5DD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D15B8A68-6C7F-487A-B919-F942A1053118}" = protocol=6 | dir=in | app=d:\microsoft office 2010\office14\groove.exe |
"{D69AB1FE-DEF2-423D-9E01-89A91EB867A2}" = protocol=6 | dir=in | app=d:\spiele\assassins creed\revelations\acrsp.exe |
"{DC0EB99B-1CAC-4537-BE8C-5BE0ECEF538C}" = protocol=17 | dir=in | app=d:\microsoft office 2010\office14\groove.exe |
"{DC183ED7-476C-4538-8714-837B98AFD816}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{E73B5B87-AEE2-419E-8045-8FDC76640DC8}" = protocol=6 | dir=in | app=d:\solidworks\solidworks\photoview\photoview360_cl.exe |
"{F398BEFB-7DB1-4EB4-866B-F7A33F154F29}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3FC346A-2963-4A8E-9EB8-237EF15E3A9B}" = protocol=17 | dir=in | app=d:\spiele\assassins creed\revelations\acrmp.exe |
"{F92EBC24-CA6B-4D8E-A7CA-5EBF3F4B1F5F}" = protocol=6 | dir=in | app=d:\spiele\assassins creed\revelations\assassinscreedrevelations.exe |
"TCP Query User{482ACDFB-79A1-41B0-AA8E-721A0FAE4B44}C:\users\mk-asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mk-asus\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{4B09E538-BCBC-43DD-AA61-5293081BAF87}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"TCP Query User{4F0D986C-8B7F-4D0E-9869-0844C95E1B1A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{8CE5FAAD-C345-41D0-AC28-5B55C1A8A22A}D:\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\java\bin\javaw.exe |
"UDP Query User{545DD2C0-B2E0-41A3-8277-AE499BD849E2}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"UDP Query User{92979C35-0446-4831-A585-A07078FA0442}D:\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\java\bin\javaw.exe |
"UDP Query User{C6B79C6E-076C-49F7-8D28-295B8B439395}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{F778BEFD-86DD-4E52-B0E4-02CEC15D8049}C:\users\mk-asus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mk-asus\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{455804F2-70A9-46BD-BEB8-957000EC20D4}" = SolidWorks eDrawings 2011 x64 Edition SP02
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F113377-0BA1-4552-9ABB-9BF220FAF132}" = SolidWorks 2011 x64 Edition SP02
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{CEF0C5DA-21C5-4FA7-AD05-5D21C525543C}" = SolidWorks 2011 x64 German Resources
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{651CAB7C-9349-487C-BB4E-EEBB4BC67982}" = Skat 9.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Afterburner" = MSI Afterburner 2.1.0
"Allway Sync_is1" = Allway Sync version 12.1.1
"avast" = avast! Free Antivirus
"Caesar 3" = Caesar 3
"Cities XL 2012" = Cities XL 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Macro Express Pro" = Macro Express Pro
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0 (x86 de)" = Mozilla Thunderbird 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Personal Backup 5_is1" = Personal Backup 5.3
"PunkBusterSvc" = PunkBuster Services
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SolidWorks Installation Manager 20110-40200-1100-100" = SolidWorks 2011 x64 Edition SP02
"SumatraPDF" = SumatraPDF
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.07.2012 06:53:22 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C020 SKU-ID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Error - 21.07.2012 06:53:30 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C020
Error - 21.07.2012 06:53:30 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C020 SKU-ID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Error - 21.07.2012 06:53:50 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C020
Error - 21.07.2012 06:53:50 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C020 SKU-ID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Error - 21.07.2012 06:53:53 | Computer Name = MK-ASUS-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.07.2012 06:54:00 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C020
Error - 21.07.2012 06:54:00 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C020 SKU-ID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Error - 21.07.2012 06:54:08 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C020
Error - 21.07.2012 06:54:08 | Computer Name = MK-ASUS-PC | Source = Software Protection Platform Service | ID = 1014
Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C020 SKU-ID=9abf5984-9c16-46f2-ad1e-7fe15931a8dd
[ System Events ]
Error - 19.07.2012 12:18:44 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 19.07.2012 12:18:44 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 20.07.2012 02:25:01 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 20.07.2012 02:25:01 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 20.07.2012 10:25:22 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 20.07.2012 10:25:22 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 21.07.2012 02:39:37 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.07.2012 02:39:37 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 21.07.2012 06:54:15 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 21.07.2012 06:54:15 | Computer Name = MK-ASUS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
| Themen zu "MyStart by Incredibar" entfernen |
| antivirus, autorun, bho, browser, document, entfernen, error, fehler, firefox, flash player, google, helper, heuristiks/extra, heuristiks/shuriken, homepage, installation, internet, internet explorer, jdownloader, logfile, microsoft office 2003, microsoft office word, monitor.exe, mozilla, msiexec.exe, nvidia update, plug-in, realtek, registry, scan, searchscopes, security, software, svchost.exe, usb, usb 3.0, virtualbox, visual studio, windows |
Baum-Darstellung