Pests of all kinds and how to fight them: Removing a GVU 2.07 infection on Windows 7, but how? (Windows 7)
25.07.2012, 22:38 | #1
Removing a GVU 2.07 infection on Windows 7, but how?

Hello forum,

First of all, great that there is a page like this offering help, and secondly, sorry for the spelling, I'm doing all of this from my phone right now. So, my problem is: I had the GVU infection today, probably the newest version because of the video window. I downloaded Kaspersky Rescue via the other PC and started it, but since it found nothing, and nothing was found after entering disabletaskmgr either, the problem was still there. I then chose the last system restore point and was back in business. Then I ran Anti-Malware, CCleaner, Spybot, a Java update and NoScript, without a single find. But I think that, as with every kind of virus, there are still remnants on it. How do I get rid of it now?? I'm at work right now and can only post something tomorrow morning, with bad luck not until Friday ... Thanks and regards

So, I quickly ran OTL before going to bed ... OTL logfile: Code:
ATTFilter OTL logfile created on: 26.07.2012 06:52:29 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,62% Memory free 15,96 Gb Paging File | 13,61 Gb Available in Paging File | 85,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,70 Gb Total Space | 9,77 Gb Free Space | 16,36% Space Free | Partition Type: NTFS Drive D: | 390,97 Gb Total Space | 302,32 Gb Free Space | 77,33% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 293,26 Gb Free Space | 49,19% Space Free | Partition Type: NTFS Computer Name: SIR_KITTY | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Marthell Schiller\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe 
(AMD) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) 
Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Packardbell | MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Packardbell | MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Packardbell | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.21 23:51:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:14:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.25 19:49:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 14:14:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.25 19:49:32 | 000,000,000 | ---D | M] [2011.09.25 17:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.07.25 19:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions [2012.01.06 01:58:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.29 14:26:05 | 000,000,853 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\11-suche.xml [2012.06.29 14:26:05 | 000,002,209 | ---- | M] () -- 
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\englische-ergebnisse.xml [2012.06.29 14:26:05 | 000,010,506 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\gmx-suche.xml [2012.06.29 14:26:05 | 000,002,368 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\lastminute.xml [2012.06.29 14:26:05 | 000,005,489 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\searchplugins\webde-suche.xml [2012.05.16 21:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.16 21:03:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.25 19:51:40 | 000,525,861 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.06.29 14:26:04 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.17 14:14:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.03 12:45:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.03 12:45:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.03 12:45:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.03 12:45:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.03 12:45:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.03 12:45:24 | 000,001,105 | ---- 
| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: 
Google Update (Enabled) = C:\Users\****\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Marthell Schiller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Instant File Name Search] C:\Program Files (x86)\Dateiesuche\App\ifns.exe () O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] D:\Steam (Games)\steam.exe (Valve Corporation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Marthell Schiller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Marthell Schiller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marthell Schiller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to DVD Converter - 
C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E4F5A-1A40-464B-BD4A-2AF301A56293}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA3282F3-E9E0-4A28-A1CD-104E4DB74E18}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe"
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.26 06:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.26 06:49:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.25 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Secunia PSI
[2012.07.25 19:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.25 19:49:32 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.25 19:49:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.25 19:49:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.25 19:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.07.25 19:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 19:45:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 19:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.25 19:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.07.11 12:57:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 12:57:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 12:57:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 12:57:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 12:57:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 12:57:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 12:57:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 12:57:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 12:57:17 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 12:57:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 12:57:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 12:57:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 12:57:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 11:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 11:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 11:30:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 11:29:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 11:29:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 10:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.08 10:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.07.08 10:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.06.28 12:09:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.06.27 13:54:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\w
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.26 06:55:40 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 06:50:09 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001UA.job
[2012.07.26 06:49:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.07.26 06:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 06:43:53 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 19:47:48 | 000,001,081 | ---- | M] () -- C:\Users\****\Desktop\Secunia PSI.lnk
[2012.07.25 19:47:21 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 19:45:18 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.25 19:34:36 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.20 23:50:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001Core.job
[2012.07.11 21:53:45 | 000,312,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 01:43:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.06.27 01:43:11 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.26 06:55:40 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.07.25 19:47:48 | 000,001,081 | ---- | C] () -- C:\Users\****\Desktop\Secunia PSI.lnk
[2012.07.25 19:45:48 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 19:45:18 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.25 19:45:18 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.07.25 18:23:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.06 19:15:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.05 15:10:12 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.11.05 15:10:12 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.26 08:48:28 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.09.26 08:19:01 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.25 17:34:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.09.25 17:07:18 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.02 20:51:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.02 20:35:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.12.07 16:46:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

< End of report >
--------------------
OTL Logfile: Code:
OTL Extras logfile created on: 26.07.2012 06:52:29 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,62% Memory free
15,96 Gb Paging File | 13,61 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,70 Gb Total Space | 9,77 Gb Free Space | 16,36% Space Free | Partition Type: NTFS
Drive D: | 390,97 Gb Total Space | 302,32 Gb Free Space | 77,33% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 293,26 Gb Free Space | 49,19% Space Free | Partition Type: NTFS

Computer Name: SIR_KITTY | User Name: Marthell Schiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\SysWow64\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\SysWow64\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12790843-7874-40B4-AB5D-F4C688C4A8C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{33573061-9B8F-4473-8413-A7DBC94A0942}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A1A7E87-4F5F-42AD-8C0B-2FEF40275838}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4793D313-1F71-465F-A212-4A4F3B7A1745}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4B7A3854-B133-4090-96EE-BF665508C71E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55301C10-F217-4605-A1AF-82298229364D}" = lport=445 | protocol=6 | dir=in | app=system |
"{57C4232F-57E4-485A-BB22-1ACF2B6D354C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68F01B4F-313C-475A-9E6D-4215E8703011}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E7DF454-AE48-4B85-9F8A-B6C193957A6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7593DB02-A06D-4491-B37C-490A56296B76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{768F328D-D864-451A-9B4B-FC73AA3A1F16}" = rport=139 | protocol=6 | dir=out | app=system |
"{76904722-9B08-4800-B81A-672201CDB473}" = lport=2869 | protocol=6 | dir=in | app=system |
"{866D5A60-B530-4F00-B09C-5A2E502225B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9EFB961C-85FD-4A2F-9857-49CF0A1FD4FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F4AA85A-72D6-4A27-9AFE-46BB187CF789}" = lport=139 | protocol=6 | dir=in | app=system |
"{A92139E6-DDCA-4AC8-9A21-337E1C3A6F85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5112FF8-44EF-477B-8A5F-DF36D888FE6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B87735A8-DB5C-4BCA-8534-20BB54D15B71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAE27FAC-D133-430D-AFEE-5D5B8C8A2BFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0C19CE7-4171-4BFD-B759-1736C7F14A55}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6867225-0372-4F88-AED4-E69BB4ACFB31}" = rport=138 | protocol=17 | dir=out | app=system |
"{D725A55C-7545-4AA9-A080-8967D1866111}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE445C88-A012-41FE-87CC-1F3CB4F4694A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D3366D-B132-430B-951C-AB27BD00659B}" = rport=445 | protocol=6 | dir=out | app=system |
"{FB9A8BBF-277C-4DCE-ACAD-F65DF9508EDE}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00211A45-66C4-485B-81B1-D07F15ED9E73}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{033AE19E-B836-4938-97EB-56AACD1C2A75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{084CB6C8-9F0E-4E74-BAF4-FBC5061F9367}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
"{0C68B09B-5D09-4407-B2D4-06764267E0E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{12959D3E-F29E-4346-90D2-07051EA7B3E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{14B502E9-8294-4F2D-88C2-8744D7E35DD4}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper.exe |
"{17BF77D8-C637-4D3A-B973-8CA1BAF07DBB}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe |
"{1AFB73F5-B8E0-46F6-BB47-69DD34CBA4B1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{1B34F916-3E3E-43E6-8159-F59CD11D4828}" = protocol=17 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{22F5902D-A4EB-484A-8DFF-6815B4262945}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{242306E7-4FAD-432C-B95B-37473C3392AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25567363-FA7B-4ECD-BC3A-35ECF11AF7F0}" = protocol=6 | dir=in | app=d:\steam (games)\steam.exe |
"{259CA523-6E4B-4F8E-97DB-97867B32A13A}" = protocol=6 | dir=in | app=d:\online games\diablo iii beta\diablo iii.exe |
"{28849D50-2D51-4EC6-95D1-D3BFD3D3B81B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{289DAC25-9296-46FD-A128-C7D1EFD7F768}" = protocol=6 | dir=in | app=d:\steam (games)\steamapps\common\rage\rage.exe |
"{291FFFFF-EC3F-4D9A-B3E4-B9B8788BB475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31EB1A38-9BA2-45A0-80D2-F20D96F93DE0}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstar.exe |
"{345CB328-CF7E-4666-B28C-D342B46DF6CF}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstar.exe |
"{3A7E7F0A-381B-499F-A5B3-B433D244B2C2}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe |
"{3DA8D594-7A03-4E8E-A9F7-7CE3F4201373}" = protocol=17 | dir=in | app=d:\online games\diablo iii\diablo iii.exe |
"{40743B54-FC6F-4BF0-ACA6-ED5F7AEF06E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{45027BC4-0130-42FF-BA25-487FDD1C2BFD}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe |
"{46EAFCB4-2D9F-48D1-9465-EE715C02B8A2}" = protocol=6 | dir=in | app=c:\program files\opera next x64\opera.exe |
"{488B9B9F-AD92-4604-9541-48300D536336}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{4AA4CD3F-98D0-4838-8B9D-608BE64AECE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B2F0046-F203-41C1-B923-B1E0D3374640}" = protocol=17 | dir=in | app=d:\steam (games)\steam.exe |
"{4C4A42E2-B70B-4E4E-B06B-76647F7E07B8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{504C37FA-503D-498C-B4E1-18164C6D57D6}" = protocol=6 | dir=in | app=c:\program files\opera next x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{55AA62AA-FD49-43B9-855C-2A9172F552A8}" = protocol=6 | dir=in | app=d:\steam (games)\steamapps\common\rusty hearts\clientlauncher.exe |
"{5D08A7D0-00CC-4D22-B8D6-082706AF7776}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe |
"{624D52DD-9801-40D1-92B2-48BF446347F2}" = protocol=17 | dir=in | app=c:\program files\opera next x64\opera.exe |
"{6360719B-6693-4D75-9FE3-DCA67FE47C79}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{63D33849-035D-4417-848E-8EE790A75044}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{667FD851-107D-48F6-A867-5871E305D4A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66A6CC7D-E317-4B3F-B4FD-C4D137CAB374}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{6D21D9A4-AD43-4F61-BB1E-B137C9F5F15B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6FFB230C-DE51-4080-8472-8E4B4E273976}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7119B577-C8BB-43B2-9436-7833BBF5D9BF}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe |
"{72E8EFF7-615F-441F-8D02-4960E7D69E62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7966F76B-F8A6-43C8-A2A4-25F13EEA17DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{81DE81A6-A779-4985-A7B0-AADFCC399EF1}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe |
"{84DFEE87-376E-4020-8F08-E1F04DB1F0B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86F4239C-CBC2-4B8B-9798-C832EAB3D5DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87F7D9FE-332E-4022-81EB-DFB4253FCE69}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe |
"{88EDB79A-7400-487F-B46A-954519E3BF26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89E57294-9CFD-45F3-8D77-09CDE0D9ACF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CC3C4BE-6714-4F8F-B7C3-6B02A360CBF2}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{928AB83F-4A7E-4DC3-80F3-F913475B87F0}" = protocol=6 | dir=in | app=d:\online games\diablo iii\diablo iii.exe |
"{96065D83-75D4-481F-9740-E63E18E73EC3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{97105091-C97A-4E4C-A50D-4170F23ED466}" = protocol=17 | dir=in | app=d:\steam (games)\steamapps\common\rusty hearts\clientlauncher.exe |
"{97A97F33-7AD7-453B-BBC3-405191FC5EC8}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe |
"{9CE868D1-1AB3-4005-95F6-940F8C249E9A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{9E1DA9F4-7F5D-4E53-A8B5-8601C921B991}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A36A10BB-684D-42AA-B7F4-A4BF73EE0076}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe |
"{A6FCE71F-8843-4BEA-A476-14D177844CD6}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{B3F7A04E-BAF2-476F-8560-5A7174D57D7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5955F51-51D5-46F7-BBA5-684D460AD4F8}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe |
"{B6A56099-4814-4D26-B3F6-3799262C92EF}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcherloader.exe |
"{CBCBE18D-41CC-4366-AB25-8BCBC242216B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CC479D7A-7C7C-492F-A94D-AE530376A74F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CCAAB317-B6C0-4051-B34E-0B0682A1CAF5}" = protocol=17 | dir=in | app=d:\online games\golfstar\golfstar.exe |
"{D0761D19-EDB9-482B-9730-827C3671EB10}" = protocol=17 | dir=in | app=d:\steam (games)\steamapps\common\rage\rage.exe |
"{D14E4488-5A07-4315-B2DA-9F677F146727}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D2DB3702-C022-4A09-A323-47C3623896F8}" = protocol=17 | dir=in | app=d:\online games\diablo iii beta\diablo iii.exe |
"{D360150E-95BB-4381-A94A-752C07C9E1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DA8DAFBE-F236-4D5B-A4D1-EFEC8723CE1B}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstarpatcher.exe |
"{DB2E1C5C-3F0C-43DF-BA4E-AD075C9649F0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DCD1C1BA-2665-443E-A653-8AEBE90C5C00}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EDB7F7BA-66B6-4356-B229-716D27DCF83B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F0ACCE4C-EB8B-4899-B3F1-4AC328817015}" = protocol=6 | dir=in | app=d:\online games\golfstar\golfstar.exe |
"{FF4BA294-368E-4F86-91B9-42CFDCCAA319}" = protocol=6 | dir=out | app=system |
"TCP Query User{03957DCA-A213-4C74-BCE7-DDC440F67AC0}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{053294A6-42FA-4CC4-A328-021C8B9C6798}E:\games\q3a\quake3.exe" = protocol=6 | dir=in | app=e:\games\q3a\quake3.exe |
"TCP Query User{070990DB-8831-4EC7-A3B4-D6BD8818BF39}D:\online games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\online games\world_of_tanks\wotlauncher.exe |
"TCP Query User{3172BDD8-AAE0-49FF-A17D-E5831715DD39}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{8290C9F1-226B-43C6-898C-516FE9AF7C1D}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{A7A3CA4F-11A7-44E2-A895-A7776D141E1F}D:\online games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\online games\diablo iii\diablo iii.exe |
"TCP Query User{C1550033-79A8-44BD-A7DA-6DB9B6B5D4BE}E:\games\medal of honor - reloaded\binaries\moh.exe" = protocol=6 | dir=in | app=e:\games\medal of honor - reloaded\binaries\moh.exe |
"TCP Query User{F662F23B-7EE9-45B4-A5AB-44173795FCC9}D:\online games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\online games\world_of_tanks\worldoftanks.exe |
"UDP Query User{8D7B69F1-B3E3-4049-8712-6A99C73BF70C}D:\online games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\online games\world_of_tanks\worldoftanks.exe |
"UDP Query User{99C63D99-9066-4005-990B-25519B43BE87}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{A5641CC9-DA3A-454E-80BD-5F2832F581C0}D:\online games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\online games\world_of_tanks\wotlauncher.exe |
"UDP Query User{A8841741-D529-40C7-B0B3-06AA00102E0F}E:\games\medal of honor - reloaded\binaries\moh.exe" = protocol=17 | dir=in | app=e:\games\medal of honor - reloaded\binaries\moh.exe |
"UDP Query User{C015688B-0C8A-432E-BB1B-71D5748D1A92}D:\online games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\online games\diablo iii\diablo iii.exe |
"UDP Query User{D5D875A3-A468-4699-8F34-2117E5FFDBCA}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{F1DC8A96-CEC2-4569-89AC-14D63F46CB75}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{F9589E61-EED5-46BE-BAC5-BA6A85753CE1}E:\games\q3a\quake3.exe" = protocol=17 | dir=in | app=e:\games\q3a\quake3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{85C76689-536B-4CD4-AD94-2F5D259C084B}" = Free Launch Bar 64-bit Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF15F75-3DA2-2167-CB03-D096BD1D96FE}" = AMD Accelerated Video Transcoding
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AFDF093E-7308-E1AD-DF23-7BE1B0382CF7}" = AMD AVIVO64 Codecs
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC0C2372-95DC-0BDF-D9F0-0183D60EDA7B}" = AMD Drag and Drop Transcoding
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Opera 12.00.1387" = Opera Next 12.00 beta build 1387
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{03148a20-37c5-4966-a0af-13cf1040e10f}" = Nero 9 Essentials
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Alien Breed 3: Descent_is1" = Alien Breed 3: Descent
"Avira AntiVir Desktop" = Avira Free Antivirus
"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.2
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free Image Convert and Resize_is1" = Free Image Convert and Resize version 2.1.15.221
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.6.221
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.20.221
"Free Video Dub_is1" = Free Video Dub version 2.0.5.221
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.0.2.221
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.6.221
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.6.221
"Free Video to Sony Phones Converter_is1" = Free Video to Sony Phones Converter version 5.0.6.221
"Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.9.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.3.27.221
"Homefront_is1" = Homefront
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Basic)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PotPlayer" = Daum PotPlayer 1.5.32007
"PowerISO" = PowerISO
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"ShotOnline" = ShotOnline
"Steam App 36630" = Rusty Hearts
"Steam App 9200" = RAGE
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 2.0.1
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 6.15
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.15
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"XnView_is1" = XnView 1.99
"xp-AntiSpy" = xp-AntiSpy 3.96-8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Episode 3" = Back to the Future The Game - Episode 3
"FoxTab PDF Converter" = FoxTab PDF Converter
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.07.2012 07:02:52 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa14 Startzeit der fehlerhaften Anwendung: 0x01cd577902d6f0bc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 4d4bf302-c36c-11e1-a7d0-1c7508d6c9de

Error - 01.07.2012 13:17:43 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa84 Startzeit der fehlerhaften Anwendung: 0x01cd57ad62ca7cdb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: aab74d4d-c3a0-11e1-80da-1c7508d6c9de

Error - 02.07.2012 04:59:56 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa60 Startzeit der fehlerhaften Anwendung: 0x01cd5830fddc9c5d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 4b2e39fc-c424-11e1-9fe7-1c7508d6c9de

Error - 02.07.2012 09:37:24 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa1c Startzeit der fehlerhaften Anwendung: 0x01cd5857c4989182 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 0dbeebc7-c44b-11e1-bc36-1c7508d6c9de

Error - 03.07.2012 00:54:24 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01cd58d7dea91619 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 28a7fde4-c4cb-11e1-b06e-1c7508d6c9de

Error - 04.07.2012 00:52:21 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa60 Startzeit der fehlerhaften Anwendung: 0x01cd59a0bf16e517 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 09ad1b67-c594-11e1-b1a6-1c7508d6c9de

Error - 04.07.2012 10:00:16 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0x01cd59ed49c3584c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 94820601-c5e0-11e1-935b-1c7508d6c9de

Error - 05.07.2012 00:49:58 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa50 Startzeit der fehlerhaften Anwendung: 0x01cd5a699727b654 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: dea98820-c65c-11e1-9346-1c7508d6c9de

Error - 05.07.2012 07:19:04 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa4c Startzeit der fehlerhaften Anwendung: 0x01cd5a9ff0a3b3b3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 3a17ef73-c693-11e1-aac8-1c7508d6c9de

Error - 06.07.2012 10:34:43 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0x9f4 Startzeit der fehlerhaften Anwendung: 0x01cd5b847067c74c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: b9a41a88-c777-11e1-b926-1c7508d6c9de

Error - 08.07.2012 04:07:49 | Computer Name = Sir_Kitty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ifns.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x0eedface Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0xa6c Startzeit der fehlerhaften Anwendung: 0x01cd5ce0b9e9f83e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dateiesuche\app\ifns.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 01bde1bd-c8d4-11e1-a2b1-1c7508d6c9de

[ System Events ]
Error - 25.07.2012 13:37:05 | Computer Name = Sir_Kitty | Source = DCOM | ID = 10005
Description =

Error - 25.07.2012 13:39:14 | Computer Name = Sir_Kitty | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 25.07.2012 13:41:24 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error - 25.07.2012 13:41:24 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 25.07.2012 13:41:24 | Computer Name = Sir_Kitty | Source = DCOM | ID = 10005
Description =

Error - 25.07.2012 13:43:33 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126

Error - 25.07.2012 13:46:04 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126

Error - 25.07.2012 13:46:26 | Computer Name = Sir_Kitty | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.131.548.0)

Error - 26.07.2012 00:47:21 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error - 26.07.2012 00:47:57 | Computer Name = Sir_Kitty | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126

< End of report >

Oh yes ... the Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: SIR_KITTY [Administrator]

26.07.2012 07:15:43
mbam-log-2012-07-26 (07-15-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190126
Laufzeit: 1 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
26.07.2012, 15:52 | #2 |
/// Helper Team | Remove gvu 2.07 infection on Windows 7. But how?
Fix with OTL
Download OTL from Oldtimer (if you do not have it yet) and save it to your desktop (not anywhere else).
Code:
:Processes
killallprocesses
:OTL
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2011.09.25 17:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.07.25 19:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions
[2012.01.06 01:58:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.25 19:51:40 | 000,525,861 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.06.29 14:26:04 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Instant File Name Search] C:\Program Files (x86)\Dateiesuche\App\ifns.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe"
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
[2012.07.25 19:34:36 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 06:55:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 06:50:09 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001UA.job
[2012.07.20 23:50:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
Note for readers: the OTL script above was written exclusively for this user in this situation. Never use it on other computers; it can permanently damage other systems!
__________________ |
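The fix script above is a list of OTL entry lines that the helper went through by hand: O4 lines are autostarts (Run keys and the Startup folder), O33 lines are per-volume MountPoints2 AutoRun handlers, and OTL marks a missing target with "File not found" and shows the binary's publisher in parentheses. As an added example (not from the thread and not part of OTL), the Python below parses those three line layouts into a review list, so a helper can see at a glance which entries are orphaned, which per-user autostarts have no publisher, and which volumes still carry an AutoRun command; the sample lines are copied from the script above, and the regexes assume exactly the layout shown there.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few O4/O33 entry lines copied verbatim from the
# OTL fix script in this thread (O4 = autostart, O33 = MountPoints2 AutoRun).
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Instant File Name Search] C:\Program Files (x86)\Dateiesuche\App\ifns.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell - "" = AutoRun
O33 - MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
"""


@dataclass
class Autostart:
    kind: str        # "run" (registry Run key), "startup" (Startup folder), "mountpoint" (MountPoints2 AutoRun)
    location: str    # HKLM / HKCU, the .lnk path, or the MountPoints2 sub-key
    name: str        # value name, shortcut file name, or volume id / drive letter
    target: str      # command line or executable exactly as OTL printed it
    missing: bool    # True when OTL appended "File not found"
    publisher: str   # company name OTL printed in parentheses, "" when none


# Line layouts assumed from the OTL output shown in this thread.
_RUN = re.compile(r'^O4(?::64bit:)? - (HKLM|HKCU)\.\.\\Run\w*: \[([^\]]+)\] (.*)$')
_STARTUP = re.compile(r'^O4 - Startup: (.*\\([^\\]+\.lnk)) = (.*)$')
_MOUNT = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell\\AutoRun\\command - "" = (.*)$')
_PUBLISHER = re.compile(r'^(.*?) \(([^()]*)\)$')


def _split_target(rest: str):
    """Peel OTL's trailing annotation ("File not found" or "(Publisher)") off the command."""
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].rstrip(), True, ""
    m = _PUBLISHER.match(rest)
    if m:
        return m.group(1), False, m.group(2)
    return rest, False, ""


def parse_otl(text: str) -> List[Autostart]:
    """Extract autostart-type entries; lines OTL prints for other categories are ignored."""
    found: List[Autostart] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _RUN.match(line):
            hive, name, rest = m.groups()
            target, missing, pub = _split_target(rest)
            found.append(Autostart("run", hive, name, target, missing, pub))
        elif m := _STARTUP.match(line):
            path, lnk, rest = m.groups()
            target, missing, pub = _split_target(rest)
            found.append(Autostart("startup", path, lnk, target, missing, pub))
        elif m := _MOUNT.match(line):
            key, cmd = m.groups()
            # The sibling "\Shell - "" = AutoRun" line carries no command,
            # so only the ...\command line is recorded.
            found.append(Autostart("mountpoint", key, key, cmd, False, ""))
    return found


def review_reason(entry: Autostart) -> Optional[str]:
    """Why a helper would look twice at an entry; None when it is unremarkable."""
    if entry.kind == "mountpoint":
        # A per-volume AutoRun handler launches an executable when that
        # removable or optical drive is opened; worth clearing after an infection.
        return "AutoRun command for removable/optical media: " + entry.target
    if entry.missing:
        # Harmless by itself, but an orphaned autostart is leftover the fix removes.
        return "orphaned autostart, target no longer exists"
    if entry.kind == "run" and entry.location == "HKCU" and not entry.publisher:
        # Per-user Run values need no admin rights to write, and OTL shows no
        # publisher for the binary, so these are verified first.
        return "per-user Run entry with no publisher information"
    return None


def triage(text: str) -> Dict[str, str]:
    """Map entry name -> review reason for every entry that deserves a second look."""
    return {e.name: r for e in parse_otl(text) if (r := review_reason(e))}


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_OTL).items():
        print(f"{name}: {reason}")
```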
26.07.2012, 15:55 | #3 |
| Remove gvu 2.07 infection on Windows 7. But how? Thanks already ...
__________________
I'll "patch" it Friday morning as soon as I'm home ... what do I have to do afterwards, or will everything be back the way it should be then? Regards |
26.07.2012, 15:57 | #4 |
/// Helper Team | Remove gvu 2.07 infection on Windows 7. But how? Report back with the log from the fix and we'll continue cleaning up! |
27.07.2012, 06:06 | #5 |
| Remove gvu 2.07 infection on Windows 7. But how? So ... just before going to bed I quickly ran the fix and again replaced the user name with *. I read through the logfile and it says "Not found" quite often, which could be good or not so good :/ Thanks for any further help
----
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Users\Marthell Schiller\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Folder C:\Users\****\AppData\Roaming\mozilla\Extensions\ not found.
Folder C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\ not found.
Folder C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\r8xijsa3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
File C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI not found.
File C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8XIJSA3.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found.
File C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Instant File Name Search deleted successfully.
File C:\Program Files (x86)\Dateiesuche\App\ifns.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe not found.
File move failed. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
File move failed. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51d1741b-084b-11e1-a68b-1c7508d6c9de}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e14c4d1-0dde-11e1-99e8-1c7508d6c9de}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad84065c-e5a8-11e0-a04e-806e6f6e6963}\ not found.
File "F:\Diablo III Setup.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\SETUP.EXE not found.
File C:\ProgramData\z7_0ytr.pad not found.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617621715-2026822915-685455752-1001Core.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ****
->Temp folder emptied: 270074 bytes
->Temporary Internet Files folder emptied: 909162 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7263247 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 789877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 9,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ****
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: ****
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.1 log created on 07272012_065752
Files\Folders moved on Reboot...
File\Folder C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk not found!
File\Folder C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk not found!
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
File\Folder C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk not found!
File C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk not found!
File C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 not found!
File C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 not found!
File C:\Users\Marthell Schiller\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.27 06:59:37 | 000,000,545 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
Registry entries deleted on Reboot...

UPDATE ... 1 minute after the logfile, a Windows window pops up: "An unauthorized change was made to Windows", followed by how, where, what and who can "repair" it again ... I clicked it away for now and just wanted to add this. Regards

UPDATE ... sorry about this ... but at the bottom right of the desktop, above the clock, it now says: Windows 7 Build 7601. The authenticity of this copy of Windows has not yet been verified. What is that about? |
27.07.2012, 13:00 | #6 |
/// Helfer-Team | Remove gvu 2.07 infection on Windows 7. But how?
Very good! Just reactivate Windows. How is the computer running?
1. Step
Please run a full scan with Malwarebytes Anti-Malware and post the log. Then:
2. Step
Please download AdwCleaner to your desktop.
27.07.2012, 16:23 | #7 |
| Remove gvu 2.07 infection on Windows 7. But how?
Before the restart and the removal of the "infected files"
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.27.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marthell Schiller :: SIR_KITTY [Administrator]
27.07.2012 14:37:01
mbam-log-2012-07-27 (14-37-01).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473443
Laufzeit: 1 Stunde(n), 24 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
D:\Download\!! Unsortiert !!\SoftonicDownloader_for_k-lite-codec-pack.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Games\Alien Breed 3\Binaries\AlienBreed3Launcher.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

So ... here is the adw log with the user name starred out
Code:
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 17:27:50
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : **** - SIR_KITTY
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\****\AppData\Local\Ilivid Player
Folder Found : C:\Users\****\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\****\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\boost_interprocess
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v20.0.1132.57
File : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "name": "Winamp Application Detector",
Found : "name": "Winamp Application Detector"
*************************
AdwCleaner[R1].txt - [1665 octets] - [27/07/2012 17:27:50]
########## EOF - C:\AdwCleaner[R1].txt - [1793 octets] ##########

Also, it is a bit more sluggish at startup; maybe that is due to Secunia, which runs a scan at startup? In general it is also slower: switching between programs and the right-click selection take a bit longer. Thanks in advance for an answer.
And here is the adw log after the delete and restart
Code:
# AdwCleaner v1.703 - Logfile created 07/27/2012 at 17:33:48
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : **** - SIR_KITTY
# Running from : C:\Users\Marthell Schiller\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\****\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\****\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\****\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\r8xijsa3.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v20.0.1132.57
File : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "name": "Winamp Application Detector",
Deleted : "name": "Winamp Application Detector"
*************************
AdwCleaner[R1].txt - [1790 octets] - [27/07/2012 17:27:50]
AdwCleaner[R2].txt - [1850 octets] - [27/07/2012 17:33:39]
AdwCleaner[S1].txt - [1632 octets] - [27/07/2012 17:33:48]
########## EOF - C:\AdwCleaner[S1].txt - [1760 octets] ########## |
27.07.2012, 17:16 | #8 |
/// Helfer-Team | Remove gvu 2.07 infection on Windows 7. But how?
Very good!
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.
Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything!
Click Save report to save the logfile to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
28.07.2012, 11:25 | #9 |
| Remove gvu 2.07 infection on Windows 7. But how?
Hi, I just got home from the night shift. I'll post a log tomorrow; I have to go to bed first. Regards |
28.07.2012, 12:14 | #10 |
/// Helfer-Team | Remove gvu 2.07 infection on Windows 7. But how? All right |
29.07.2012, 11:54 | #11 |
| Remove gvu 2.07 infection on Windows 7. But how?
Hi, here is the report, and everything is in quarantine.
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 11:36:56
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 29.07.2012 11:37:20
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Dreamweaver CS3\Files\configuration\JSExtensions\classes\JSBridge.dll gefunden: Trojan.Win32.FakeCog!E2
D:\Pictures\Wallpaper\100 hotties\Wallpaper Hottie 062.jpg gefunden: Trojan.Win32.Jpgiframe!E2
D:\Download\Office + Mix\PDFCreator-1_2_3_setup.exe gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
D:\Download\Games\Sacred2CleanerUtility.zip -> Sacred2CleanerUtility\SacredCleaner.exe gefunden: possible-Threat.Hacktool.Sacred2!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random...zip -> gghz-sek v.1.1_tr.exe gefunden: Trojan.Win32.Orsam!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random.zip -> gghz-Sedk.N_tr.exe gefunden: Trojan.SuspectCRC!E2
D:\Download\Flashtool\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Flashtool\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Flashtool\custom\root\zergrush.tar -> zergRush gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Custom Rom Stuff\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush gefunden: Exploit.Linux.Lotoor!E2
D:\Download\Custom Rom Stuff\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar gefunden: Exploit.Linux.Lotoor!E2
D:\Custom Rom\Neo\Rooten\custom\root\zergrush.tar -> zergRush gefunden: Exploit.Linux.Lotoor!E2
D:\Custom Rom\Flashtool - APK install\custom\root\zergrush.tar -> zergRush gefunden: Exploit.Linux.Lotoor!E2
Gescannt 694632
Gefunden 14
Scan Ende: 29.07.2012 12:50:28
Scan Zeit: 1:13:08
D:\Download\Flashtool\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush  Quarantäne Exploit.Linux.Lotoor!E2
D:\Download\Flashtool\custom\root\zergrush.tar -> zergRush  Quarantäne Exploit.Linux.Lotoor!E2
D:\Download\Custom Rom Stuff\Flashtool-0.4.2full-nojre.exe -> custom\root\zergrush.tar -> zergRush  Quarantäne Exploit.Linux.Lotoor!E2
D:\Custom Rom\Neo\Rooten\custom\root\zergrush.tar -> zergRush  Quarantäne Exploit.Linux.Lotoor!E2
D:\Custom Rom\Flashtool - APK install\custom\root\zergrush.tar -> zergRush  Quarantäne Exploit.Linux.Lotoor!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random.zip -> gghz-Sedk.N_tr.exe  Quarantäne Trojan.SuspectCRC!E2
D:\Download\Games\Patches\Siedler\Siedler 5\random...zip -> gghz-sek v.1.1_tr.exe  Quarantäne Trojan.Win32.Orsam!E2
D:\Download\Games\Sacred2CleanerUtility.zip -> Sacred2CleanerUtility\SacredCleaner.exe  Quarantäne possible-Threat.Hacktool.Sacred2!E2
D:\Download\Office + Mix\PDFCreator-1_2_3_setup.exe  Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1
D:\Pictures\Wallpaper\100 hotties\Wallpaper Hottie 062.jpg  Quarantäne Trojan.Win32.Jpgiframe!E2
C:\Program Files (x86)\Dreamweaver CS3\Files\configuration\JSExtensions\classes\JSBridge.dll  Quarantäne Trojan.Win32.FakeCog!E2
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe  Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
Quarantäne 12 |
29.07.2012, 12:03 | #12 |
/// Helfer-Team | Remove gvu 2.07 infection on Windows 7. But how?
Very good!
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
|
29.07.2012, 17:45 | #13 |
| Remove gvu 2.07 infection on Windows 7. But how?
It is running ... but it has already taken almost 1.5 h for C ... so it will be a while before I post a log |
29.07.2012, 18:18 | #14 |
/// Helfer-Team | Remove gvu 2.07 infection on Windows 7. But how? All right |
30.07.2012, 14:40 | #15 |
| Remove gvu 2.07 infection on Windows 7. But how?
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b23e8eeefb4ee0479ba8b52b2e7bf657
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-30 01:36:53
# local_time=2012-07-30 03:36:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18640373 18640373 0 0
# compatibility_mode=5893 16776574 100 94 400468 95268270 0 0
# compatibility_mode=8192 67108863 100 0 259 259 0 0
# compatibility_mode=9217 16777214 0 13 26530180 26530182 0 0
# scanned=270095
# found=8
# cleaned=8
# scan_time=17014
D:\Download\Custom Rom Stuff\SuperOneClickv1.8-ShortFuse.Drivers.rar  Android/Exploit.Lotoor.AK trojan (deleted - quarantined)  00000000000000000000000000000000  C
D:\Download\Custom Rom Stuff\SuperOneClickv1.8-ShortFuse.zip  Android/Exploit.Lotoor.AK trojan (deleted - quarantined)  00000000000000000000000000000000  C
D:\Download\Flashtool\custom\root\psneuter.tar  Android/Exploit.Lotoor.AK trojan (deleted - quarantined)  00000000000000000000000000000000  C
D:\Download\System\cnet_WDCFree_exe.exe  a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
D:\Download\System\registrybooster.exe  Win32/RegistryBooster application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
E:\Images + Installer\OperationSystem\WinXP - Halloween tnl.iso  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
E:\Images + Installer\OperationSystem\Windows XP PRO SP3.VistaVG.Black&Blue Ultimate Sty\Windows XP PRO SP3 VistaVG Black + Blue Ultimate Style + SATA-Raid (06-19-2008).iso  probably a variant of Win32/Agent.GPRQLCR trojan (deleted - quarantined)  00000000000000000000000000000000  C
E:\Images + Installer\OperationSystem\WinXP tnl (by Halloween)\XP-upload.iso  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C

How do we proceed? Regards |