| |
| |||||||
Log-Analyse und Auswertung: GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.07.2012, 00:52
| #1 |
| |  GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Hallo zusammen, ich versuche meiner guten Freundin zu helfen, nachdem sie sich wohl irgendwo den, so wie ich auf bka-trojaner.de herrausgefunden habe, GUV 2.07 Verschlüsselungstrojaner eingefangen hat. Dieser startet bei Ihr, sobald sich der Laptop mit einer Internetverbindung verbindet diese Meldung:  Die Meldung zeigt an, der Computer sei aus einem oder mehreren Gründen gesperrt, könne nur mit einer Zahlung von 100€ über Ukash entfernt werden, womit gleichzeitig Kosten von bis zu 250.000€ verhindert würden. Ich habe schon versucht, mithilfe des Taskmanagers heraus zu gelangen, dies scheint jedoch nicht möglich. Nach einem Neustart und dem Entfernen der Internetquelle tritt diese Meldung nicht mehr auf, bei späterem verbinden jedoch wieder. Nach einiger Recherche habe ich gelesen, dass der Virus zu entfernen ist, nachdem ich mein Problem hier beschreibe, es auf bka-trojaner.de identifiziere und als ersten Schritt die Malwarebytes' Anti-Malware Logfile eines vollständigen Suchlaufs speichere uind hier poste. Bei diesem Suchlauf wurden gefunden:
Logfile Malwarebytes' Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.23.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 G61025 :: G61025-HP [Administrator] Schutz: Aktiviert 27.07.2012 18:28:58 mbam-log-2012-07-28 (01-04-30).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 380830 Laufzeit: 1 Stunde(n), 8 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt. C:\Users\G61025\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 28.07.2012 01:31:17 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\G61025\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,95 Gb Total Physical Memory | 3,86 Gb Available Physical Memory | 64,96% Memory free 11,90 Gb Paging File | 9,49 Gb Available in Paging File | 79,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,23 Gb Total Space | 484,47 Gb Free Space | 83,35% Space Free | Partition Type: NTFS Drive D: | 14,64 Gb Total Space | 1,81 Gb Free Space | 12,33% Space Free | Partition Type: NTFS Drive G: | 7,49 Gb Total Space | 7,13 Gb Free Space | 95,13% Space Free | Partition Type: FAT32 Computer Name: G61025-HP | User Name: G61025 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.28 01:23:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\G61025\Desktop\OTL.exe PRC - [2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.05.04 07:36:58 | 000,955,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe PRC - [2012.05.01 08:02:14 | 000,695,296 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.08.09 20:06:05 | 001,599,376 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe PRC - [2011.08.02 15:18:02 | 001,407,336 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.12.13 13:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.14 04:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe ========== Modules (No Company Name) ========== MOD - [2012.07.26 21:18:12 | 000,264,104 | ---- | M] () -- C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe MOD - [2012.06.13 19:39:12 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll MOD - [2012.06.13 19:25:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.13 19:25:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 19:04:23 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.13 19:04:12 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.13 19:04:08 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.13 19:04:01 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.13 19:04:00 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.06.13 18:55:14 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.13 18:54:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.13 18:53:52 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.14 12:35:20 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll MOD - [2012.05.14 12:34:50 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.14 12:33:14 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.14 12:31:59 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll MOD - [2012.05.12 10:02:27 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 10:02:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.12 10:02:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012.05.12 10:02:10 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.12 10:02:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.12 10:01:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.12 10:01:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 10:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 10:01:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 10:01:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.11 23:09:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 23:06:26 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.11 23:06:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.11 23:06:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.11 23:06:18 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.11 23:06:13 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.05.02 11:21:26 | 000,080,384 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll MOD - [2012.05.02 02:50:02 | 014,187,008 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll MOD - [2012.05.02 02:49:20 | 000,514,560 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll MOD - [2012.05.02 02:49:10 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2012.05.02 02:48:26 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll MOD - [2012.05.01 08:02:56 | 000,048,128 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\ASF_cSharpAPI.dll MOD - [2012.03.28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\System.Data.SQLite.dll MOD - [2012.03.28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll MOD - [2012.03.28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\drmcm.dll MOD - [2012.03.28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\MediaModules\LDBCShConv.dll MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.01.04 23:08:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2011.01.04 23:08:43 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2011.01.04 23:08:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll MOD - [2011.01.04 23:08:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2011.01.04 23:08:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.12.18 01:32:48 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.26 23:21:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.12.14 00:04:46 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.08.05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.07.23 18:41:07 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.18 02:04:50 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.12.18 00:55:34 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.14 00:04:48 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.08 23:30:00 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.11.29 07:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010.11.29 07:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.28 13:54:56 | 002,562,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwx.sys -- (AR5416) DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.03 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {04687DAA-E1C5-4521-A3F1-D730363A5C0C} IE - HKCU\..\SearchScopes\{04687DAA-E1C5-4521-A3F1-D730363A5C0C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{4B7697CE-2181-4521-A490-FF213DB5FDE4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=33D0C410-AEC1-43DB-9A48-963C1842A2FD&apn_sauid=E07C495A-DC3E-4714-8928-EC64C6866649 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\G61025\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 23:21:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 23:21:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.16 16:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G61025\AppData\Roaming\mozilla\Extensions [2012.07.25 18:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions [2012.03.29 18:22:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.16 16:26:47 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.07.25 18:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged [2012.05.01 21:18:21 | 000,002,408 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\askcom.xml [2012.07.20 11:39:04 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-1.xml [2012.02.12 22:21:11 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-10.xml [2012.02.17 11:36:06 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-11.xml [2012.02.21 12:43:56 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-12.xml [2012.03.23 07:07:40 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-13.xml [2012.03.29 19:18:23 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-14.xml [2012.06.26 23:21:23 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-15.xml [2011.09.15 14:20:39 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-2.xml [2011.10.06 20:39:05 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-3.xml [2011.10.14 21:16:57 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-4.xml [2011.11.06 23:40:10 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-5.xml [2011.11.14 00:00:45 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-6.xml [2011.11.29 16:56:31 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-7.xml [2012.01.10 19:01:41 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-8.xml [2012.02.02 23:10:12 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin-9.xml [2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin.gif [2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin.src [2011.09.06 18:42:18 | 000,000,950 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\icqplugin.xml [2012.05.05 09:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.09.02 15:56:55 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.26 23:21:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.26 23:21:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.26 23:21:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.26 23:21:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 23:21:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.16 16:26:45 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2012.06.26 23:21:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 23:21:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Click to call with Skype = C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\G61025\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.23.97.3 212.23.97.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7C3476-6DD5-49B1-8D41-28488C850E6E}: DhcpNameServer = 192.168.24.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B28CDBDD-A4F2-47DA-B4E2-7A8C6B062BD6}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD15D9B5-B724-446C-A5DB-5ED9DF715ABF}: DhcpNameServer = 212.23.97.3 212.23.97.2 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.28 01:29:25 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\G61025\Desktop\OTL.exe [2012.07.28 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{5AAF2796-F917-4EFA-8A0D-B910896E9F75} [2012.07.27 11:11:11 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{D323BB42-DED5-44A2-8296-7C32F658FDFD} [2012.07.27 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Roaming\Malwarebytes [2012.07.27 11:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.27 11:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.27 11:03:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.27 11:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.27 10:59:59 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{076B1769-392D-4A6C-879C-13E940C8E7B1} [2012.07.26 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{59A1B645-BC2C-4574-840E-88E5DBB2F14A} [2012.07.26 21:21:59 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{90D74147-4432-4C1A-9CE5-F41BF47E3B92} [2012.07.26 21:21:46 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{86131828-613B-4836-876D-4FE80EA2CB06} [2012.07.25 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{FFF1F01F-4561-4580-9DBC-D5491FF21B8B} [2012.07.25 18:48:10 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{159FBE77-7867-400F-A913-5944F8434F2C} [2012.07.23 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\G61025\Desktop\Fahrradtour [2012.07.22 21:01:59 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{B48FC96E-858A-46A4-952E-27B40264CCC9} [2012.07.22 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{C535CF2A-54BF-4293-B07B-3FE4C9D500DD} [2012.07.22 00:30:33 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{0BE89C16-DCEC-4CED-B9B9-05949B144421} [2012.07.22 00:30:22 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{6EA3C282-1476-4C4D-8177-0DB1E82B1005} [2012.07.21 19:01:07 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{48D6333F-602D-4F8C-A960-024E1C0084BB} [2012.07.21 19:00:56 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{4C363753-0713-4597-9AE1-EFBB7EBD05E5} [2012.07.09 13:23:30 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{8F60DCFB-8817-4DAD-9C13-1DF7569F2D05} [2012.07.09 13:23:18 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{71E5766E-4BB5-4D06-ABBB-4FF8F44FD4F5} [2012.07.08 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{774BE43D-8F9D-498A-9408-3EA75711C694} [2012.07.08 14:41:32 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{E94575D1-343D-4F3E-9CA6-7F98DB81CA98} [2012.07.07 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{2CBC4775-EE7B-48F8-9691-8F4E16CF2823} [2012.07.07 18:51:33 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{5A590A56-B76B-4AA5-99C9-19FF21A85779} [2012.07.07 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\G61025\Desktop\Abiball [2012.07.06 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{5EAC280D-CBF0-461D-9285-2E1C03BBF752} [2012.07.06 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{913EDE17-29DB-46A2-94A1-56EB65B06DCA} [2012.07.03 11:50:22 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{45BC51BD-E838-4153-94B2-00E4DAF08F64} [2012.07.02 11:46:49 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{6D400E29-BEBB-40D6-9A27-AD195853783C} [2012.07.02 11:46:38 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{7C8F0DFB-6D63-477A-A22C-508F77CAFA05} [2012.07.01 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\G61025\Documents\Piano [2012.07.01 17:10:52 | 000,000,000 | ---D | C] -- C:\Users\G61025\Documents\Own Stories [2012.07.01 17:08:03 | 000,000,000 | ---D | C] -- C:\Users\G61025\Documents\Abi [2012.07.01 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\G61025\Documents\Schule [2012.07.01 17:06:54 | 000,000,000 | ---D | C] -- C:\Users\G61025\Documents\Uni [2012.06.29 09:16:36 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{886EFB78-654E-408A-B2E0-5B1883627E3A} [2012.06.29 09:16:25 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{D2A1C09C-2395-42F5-86AD-FEAA0FA0BF8F} [2012.06.28 17:35:23 | 000,000,000 | ---D | C] -- C:\Users\G61025\AppData\Local\{F9732486-E580-4AD6-9651-0193B94D4B4B} [1 C:\Users\G61025\Documents\*.tmp files -> C:\Users\G61025\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.28 01:35:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.28 01:35:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.28 01:28:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.28 01:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.28 01:27:33 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys [2012.07.28 01:26:24 | 000,000,188 | ---- | M] () -- C:\Users\G61025\defogger_reenable [2012.07.28 01:23:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\G61025\Desktop\OTL.exe [2012.07.28 01:22:52 | 000,050,477 | ---- | M] () -- C:\Users\G61025\Desktop\Defogger.exe [2012.07.28 01:08:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.28 00:58:05 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000UA.job [2012.07.27 18:23:16 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.27 18:23:16 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.27 18:23:16 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.27 18:23:16 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.27 18:23:16 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.27 12:58:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000Core.job [2012.07.27 11:07:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\6321202soc0765034.pad [2012.07.27 11:06:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2012.07.27 11:03:37 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.26 21:18:12 | 000,001,953 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.22 21:11:10 | 000,258,950 | ---- | M] () -- C:\Users\G61025\Desktop\IMG_6267.JPG [2012.07.22 02:27:13 | 000,152,730 | ---- | M] () -- C:\Users\G61025\Documents\Hamburg.wlmp [2012.07.22 00:59:24 | 000,007,345 | ---- | M] () -- C:\Users\G61025\Desktop\SharePodSettings.xml [2012.07.21 23:58:25 | 000,504,038 | ---- | M] () -- C:\Users\G61025\Desktop\sqlite3.dll [2012.07.14 11:38:15 | 000,416,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.13 12:50:24 | 000,002,352 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.11 00:03:10 | 002,833,168 | ---- | M] () -- C:\Users\G61025\Desktop\2012-01-06 13.09.36.jpg [2012.07.02 20:15:28 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForG61025.job [2012.07.02 11:53:34 | 000,598,837 | ---- | M] () -- C:\Users\G61025\Desktop\2012-06-30 16.57.48.jpg [1 C:\Users\G61025\Documents\*.tmp files -> C:\Users\G61025\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.28 01:26:24 | 000,000,188 | ---- | C] () -- C:\Users\G61025\defogger_reenable [2012.07.28 01:25:59 | 000,050,477 | ---- | C] () -- C:\Users\G61025\Desktop\Defogger.exe [2012.07.27 11:06:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2012.07.27 11:03:37 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.26 21:18:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\6321202soc0765034.pad [2012.07.26 21:18:12 | 000,001,953 | ---- | C] () -- C:\Users\G61025\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.22 21:11:10 | 000,258,950 | ---- | C] () -- C:\Users\G61025\Desktop\IMG_6267.JPG [2012.07.22 02:27:13 | 000,152,730 | ---- | C] () -- C:\Users\G61025\Documents\Hamburg.wlmp [2012.07.21 23:58:25 | 000,504,038 | ---- | C] () -- C:\Users\G61025\Desktop\sqlite3.dll [2012.07.21 23:57:18 | 000,007,345 | ---- | C] () -- C:\Users\G61025\Desktop\SharePodSettings.xml [2012.07.11 00:03:10 | 002,833,168 | ---- | C] () -- C:\Users\G61025\Desktop\2012-01-06 13.09.36.jpg [2012.07.02 11:53:34 | 000,598,837 | ---- | C] () -- C:\Users\G61025\Desktop\2012-06-30 16.57.48.jpg [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.07.31 13:16:45 | 000,007,680 | ---- | C] () -- C:\Users\G61025\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.23 17:35:48 | 000,241,119 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.07.07 11:17:53 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.09 03:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.09 02:58:22 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.05.09 02:54:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.01.04 15:20:54 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2011.01.04 15:14:31 | 000,009,644 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2010.12.02 00:12:44 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.29 07:21:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2010.11.29 07:21:28 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2010.11.29 07:21:28 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL ========== LOP Check ========== [2011.08.16 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Bandoo [2011.07.23 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\DAEMON Tools Lite [2012.03.29 21:22:04 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Free Audio Editor [2011.08.07 18:39:12 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\GARMIN [2011.08.28 23:51:49 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\ICQ [2011.10.28 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Origin [2011.06.16 09:30:53 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\PictureMover [2012.05.09 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Samsung [2012.03.24 23:52:55 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\SharePod [2011.07.23 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\SoftGrid Client [2011.06.16 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Synaptics [2011.12.20 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\TeamViewer [2012.05.09 21:01:55 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Temp [2011.09.30 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\Windows Live Writer [2011.07.23 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\ZumoDrive [2011.07.23 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\G61025\AppData\Roaming\_MDLogs [2012.07.27 12:58:01 | 000,001,120 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000Core.job [2012.07.28 00:58:05 | 000,001,142 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000UA.job [2012.03.29 18:20:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.07.2012 01:31:17 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\G61025\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,95 Gb Total Physical Memory | 3,86 Gb Available Physical Memory | 64,96% Memory free
11,90 Gb Paging File | 9,49 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,23 Gb Total Space | 484,47 Gb Free Space | 83,35% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 1,81 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Drive G: | 7,49 Gb Total Space | 7,13 Gb Free Space | 95,13% Space Free | Partition Type: FAT32
Computer Name: G61025-HP | User Name: G61025 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0761FBC1-F3E1-49A0-9975-D08DC7D342C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{14D5ED6D-52A1-4962-9F3E-BA18DC490887}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{15713408-0755-4336-B0CB-05007CDEEDC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E7660A0-235D-4DDB-8CE1-C7CED76E7A72}" = rport=138 | protocol=17 | dir=out | app=system |
"{1FCE4BBA-8B79-4C95-AF7E-D407269E4C5F}" = lport=137 | protocol=17 | dir=in | app=system |
"{224C0BC4-4D48-474C-9A41-5EA6DBE0A980}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{256D1043-DE92-4EFE-994F-20E6A57194ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CE7D9E9-D696-44C1-A91A-EC4FB15AA3BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{430431F8-66ED-4299-80C0-B77E30E563C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4A7D98D5-55A6-4B12-BE85-9C66CB701459}" = rport=445 | protocol=6 | dir=out | app=system |
"{63F68018-22C0-49BB-BE18-98DAE91E2CC7}" = rport=139 | protocol=6 | dir=out | app=system |
"{6BE50DCB-F91B-411C-9CEF-7B902D3380AD}" = rport=137 | protocol=17 | dir=out | app=system |
"{73E45824-2AE8-4CC2-8280-61924AD91AD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73F97483-4EA8-4A30-A3E4-95FF1DA756B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{758334FE-B36B-476D-9A9A-4B01D14F4CE7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90213E9A-9DFD-4370-9983-DF9BD773F87B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9BB44266-06E4-4464-AB53-531100069A76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E56CF2-531E-485C-9BF2-50019057051C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A66E27A5-596C-4FF4-88A0-0C3721823F94}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC1D9D86-552F-4263-8F15-06018444647B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAC4BADF-5890-492A-80BD-517B1E9E6C0A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C3E9BFEB-1599-4115-8222-EF727B53413D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8090A5B-95BE-47BE-890F-ED6FD06AB994}" = lport=138 | protocol=17 | dir=in | app=system |
"{D81ACD18-C8F6-4100-B105-F79A08233B49}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E0F42AA3-B7AF-4724-BA44-E63C891453DE}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F1DFCB1A-2FF5-4314-88B6-EF3729FC2632}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037B2F3D-5101-4E71-9B18-39717F2219D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0A385F00-943A-4C64-91E2-01737A14F614}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{0A67C580-D63A-4781-AC6D-7713A675206B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{0AD469AF-5E5F-4451-89A5-D9FA6B6F2A1B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{0CDDF7AD-49C7-4934-A3BE-8CFCA088FB57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10C21835-ACBC-4C00-86C1-C152BF922D42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{202B6952-BA62-4517-94BE-3F1FB126161F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{232697BC-B164-4F93-9C62-207CA8336F67}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{26BEBAFA-3647-4584-9614-C9BD57BAC4FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CEAAF98-1957-4CA9-9F1A-BEA1E0D3BF52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{32BEE21B-B794-4CC1-9D8C-711CCE2BD2C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3315FCE4-B59C-4119-B9EF-BAB78F6459DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{3396389A-82FD-4268-AB2A-BADCE96B25D3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{39183AB8-5E1B-40BF-B1A2-35836E57DF23}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3CBAB1E6-0659-4DBD-A897-1CCA86420BA0}" = dir=in | app=c:\users\g61025\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{418A5FEB-56BD-4B5B-8679-A1C9F7AA8176}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43550D0B-2E22-4B82-BDF3-3A39BAE2258E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{43DB08A2-2551-4CEC-AC58-F8E03CF052E4}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{46FE0FD6-FB05-42B6-BE37-96371968707C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4919A5E0-7AA4-4421-A57C-066E806C825E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{499E3283-D32E-4F08-8C4A-CE8353F755B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{4CE7E24D-42EC-45C2-8C37-61E7F5CFF9D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FFF7CC8-F637-483F-98AC-B961FF6A055E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5B1BFE09-5396-4658-9D05-C4E9288F0C74}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6336A23F-07D4-4B99-933E-AABC8C96EBD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{6D5439A9-0961-40E3-9B33-1EFC5BE3AF9F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6E7F3BFC-CCFF-4B8D-AA32-998EAE2DB046}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{6E87C5B7-A0B3-4823-8E17-64C7C2B04F44}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6E99D939-B541-4B8E-8754-3287E19ABC3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{709CBEBF-A2A1-42BF-9287-C253239F4DDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7255CD63-B7F6-4BEA-A8DE-DE2D5C325230}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73B1D033-9EF2-4EDB-A257-4CF2D65D5560}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{74CD4EF6-E74F-45CA-A085-13086A2FA8FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{7C5C2E0F-A1F6-4569-BF33-55D23802D16B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{80DE1D7F-B677-422A-B251-5D957D7ABE46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{86181056-9BA9-4DA6-8929-15CA16B985C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{86B65763-CE4E-4314-A386-3A7AD3968829}" = dir=in | app=e:\setup\hpznui40.exe |
"{86C367FF-3B78-4DA1-B77E-913DE6B0F91D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8C134D13-BB4B-4470-B4AC-B1A5BEF470F4}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{8C4E8221-5982-4242-8C69-575DD96F3971}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8DF4742D-9447-4877-9231-C37459235660}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8F79875F-71F7-4DF7-91FE-CDF66889CC50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{95794DD3-63FB-429C-84A2-F31EE5A73AB8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9D29C41E-909D-4F63-AA00-C998B7534874}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{9FF7CCEB-A566-4130-9C0F-5F4794B3E066}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A150E9BE-8E4A-42BB-AC7D-14CEE0BA5BCA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{A50F462D-DA62-4254-8A1A-73BD9A3409FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6DC50BF-0B9B-4A92-B150-035D4CBA624F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA9996EA-715E-4CFA-8FA3-67A7B1C97268}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{B1821B36-B456-4DB9-9617-490E7410B238}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B4C56729-C85F-4CBD-A13E-E234012BF33A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1DF73FD-A63D-4DE0-972C-0EBCB53FBFBB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CBEE9C1B-EEB3-421D-8A8F-07AEEA0773FA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CFBDD6A2-0ACE-4C4E-87DA-546E9C3FA553}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D61694F6-8356-40B1-8CB5-A08BC328DD4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCC95CB2-F19E-454F-9BA8-4703510229E6}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{DED2003F-C7D6-4971-91F2-4DA07A20380A}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{E36C906C-EC02-4ED4-B3AD-A90AAAE1DEB5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EC632D7C-3831-4E65-8B50-F422C4C7306C}" = protocol=6 | dir=out | app=system |
"{F72DE559-A48C-4C0A-9185-C01093A59510}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAB2271B-BB76-406D-9699-F8BF6512B59E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FB19A0C0-A9A2-4A70-98A7-EFE4038E671A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{1C03A35F-8983-4B8C-BF33-92C3DDB46594}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{6EAE1DA0-9135-4DE3-8E6B-F21FDAB7BC45}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{3FBEC47D-B114-493C-B948-82A087EC284B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{74BCED07-1E5A-4F97-9782-5DAC8DDDA31B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0A6BB10-CC5D-BDB8-6EF6-F9817F9CBECE}" = ATI Catalyst Install Manager
"{D2458705-A810-63B8-0FD5-C0DB30F1294A}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033FB210-6390-F594-691B-336F34197698}" = CCC Help Finnish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22C8EC80-0866-4122-A9D3-0C89B35CD358}" = Catalyst Control Center Profiles Mobile
"{2483ABA1-192F-40A1-97EE-CEC79638C65D}" = HP Software Framework
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2E98073C-A62D-2C9E-3729-3ABFDC23EA26}" = CCC Help Portuguese
"{2EEA0953-E1BB-595A-9C97-5299F17F4FCE}" = CCC Help Polish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EFEA7DE-A061-1B59-1AF7-24457B5376F8}" = CCC Help Korean
"{53CD60C7-12F9-420D-A9BF-EC8D815475A9}" = HP Documentation
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69C8F9B7-61D9-9AAE-9788-46FBA690C927}" = CCC Help Thai
"{6A068745-2B19-9131-2337-3987B7EE2139}" = CCC Help Chinese Standard
"{6A440BB0-FCBB-1894-91DF-CC77D3552676}" = CCC Help Dutch
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7607DD9E-FA07-AD76-CEAB-174EA6B6EFC6}" = CCC Help Russian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F6E16CA-6157-4B67-962F-2B501A8C8EA6}" = Garmin Lifetime Updater
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81A9D294-775E-4535-F2AC-82AC8BD5F314}" = CCC Help Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{878DD5CB-4723-D481-E75B-16D5E4B14EB4}" = CCC Help French
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89857FF8-4D1C-1628-13C2-6EB7A2226302}" = Catalyst Control Center InstallProxy
"{8BFA58D0-D782-8F29-DF73-01658852C812}" = CCC Help Spanish
"{8C02EB1E-1C4B-B42E-8104-3D372C08FDBD}" = PX Profile Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912FFBD2-DAB4-D1BC-F29D-D9A0667818F3}" = CCC Help German
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A69CF711-D6DD-4BE3-A172-E1E7863715DB}" = CCC Help Czech
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD1D0003-239E-D78B-0714-9EB950932861}" = CCC Help Japanese
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BCC34B21-6BEC-C785-D4EC-C323D73974D1}" = CCC Help Italian
"{BD185B24-9653-4C3E-EC62-2232D825E40C}" = CCC Help Danish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE36E13E-6A81-9B81-F4AC-FB03465043FC}" = Catalyst Control Center Localization All
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D2CC53-8327-740B-31B2-DE7B0CBF5CCC}" = ccc-core-static
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C7D00998-8CC9-C0E0-EFC0-8DB857D3749C}" = CCC Help English
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5192A10-F4FB-EC5C-CB00-41448A6664E2}" = CCC Help Greek
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22C1F3D-1B96-4A87-0419-58475A6BDD85}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EC584A7F-943B-0E0F-0112-C4CF47619E18}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FF3357CE-5663-8C90-33E8-E04BD1BB69FF}" = CCC Help Swedish
"{FFB81EF3-CAB3-1A6F-D816-51079C4C057C}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio Editor_is1" = Free Audio Editor v9.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"Picasa 3" = Picasa 3
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"x" = x
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.03.2012 14:46:00 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.03.2012 14:46:00 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3025639
Error - 08.03.2012 14:46:00 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3025639
Error - 08.03.2012 14:46:01 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.03.2012 14:46:01 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3026637
Error - 08.03.2012 14:46:01 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3026637
Error - 08.03.2012 14:46:02 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.03.2012 14:46:02 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3027636
Error - 08.03.2012 14:46:02 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3027636
Error - 08.03.2012 14:46:03 | Computer Name = G61025-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ HP Wireless Assistant Events ]
Error - 16.06.2011 11:50:44 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:51:52 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:53:00 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:54:07 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:55:15 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:56:23 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:57:30 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 16.06.2011 11:58:38 | Computer Name = G61025-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 12.10.2011 15:10:55 | Computer Name = G61025-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)
Error - 12.10.2011 15:10:56 | Computer Name = G61025-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
[ System Events ]
Error - 27.07.2012 05:01:16 | Computer Name = G61025-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 27.07.2012 05:09:52 | Computer Name = G61025-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?07.?2012 um 11:07:47 unerwartet heruntergefahren.
Error - 27.07.2012 05:11:01 | Computer Name = G61025-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst HPWMISVC erreicht.
Error - 27.07.2012 05:11:12 | Computer Name = G61025-HP | Source = DCOM | ID = 10005
Description =
Error - 27.07.2012 05:11:12 | Computer Name = G61025-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 27.07.2012 05:11:12 | Computer Name = G61025-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 27.07.2012 05:12:14 | Computer Name = G61025-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 27.07.2012 19:24:09 | Computer Name = G61025-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Error - 27.07.2012 19:24:11 | Computer Name = G61025-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Error - 27.07.2012 19:30:23 | Computer Name = G61025-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
Ich würde mich sehr über eure Hilfe freuen! (: Danke im voraus, Sample43 Geändert von Sample43 (28.07.2012 um 00:56 Uhr) Grund: Fehlendes Leerzeichen |
|
28.07.2012, 14:37
| #2 |
| /// Helfer-Team  | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
MOD - [2012.07.26 21:18:12 | 000,264,104 | ---- | M] () -- C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {04687DAA-E1C5-4521-A3F1-D730363A5C0C}
IE - HKCU\..\SearchScopes\{04687DAA-E1C5-4521-A3F1-D730363A5C0C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{4B7697CE-2181-4521-A490-FF213DB5FDE4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=33D0C410-AEC1-43DB-9A48-963C1842A2FD&apn_sauid=E07C495A-DC3E-4714-8928-EC64C6866649
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2011.08.16 16:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G61025\AppData\Roaming\mozilla\Extensions
[2012.07.25 18:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions
[2012.03.29 18:22:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.16 16:26:47 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.07.25 18:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - Extension: Click to call with Skype = C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012.07.27 11:07:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\6321202soc0765034.pad
[2012.07.26 21:18:12 | 000,001,953 | ---- | M] () -- C:\Users\G61025\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.28 01:08:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.28 00:58:05 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000UA.job
[2012.07.27 12:58:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000Core.job
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe
C:\Users\G61025\AppData\Local\Temp\
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
28.07.2012, 15:25
| #3 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Danke für's Willkommen und die schnelle Antwort (;
__________________Gerade die Anleitung durchgeführt. Während der Ausführung des Scrips durch OTL hat sich plötzlich der Internet Explorer geöffnet. Ich weiß nicht, ob dies etwas mit dem Virus zutun haben könnte und erwähne es deshalb einfach mal. Das Script lief durch und hat mir nach Fertigstellung den Neustart angeboten (ablehntbar ist er nicht). Durchgeführt! Nach dem Neustart kam sofort die Fehlermeldung eines DDL-Programms, ein Modul konnte nicht gefunden oder ausgeführt werden. Hiernach wurde mir diese Logfile angezeigt: Logfile 07282012_160239.log Code:
ATTFilter All processes killed
========== OTL ==========
Releasing module C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe
C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04687DAA-E1C5-4521-A3F1-D730363A5C0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04687DAA-E1C5-4521-A3F1-D730363A5C0C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B7697CE-2181-4521-A490-FF213DB5FDE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B7697CE-2181-4521-A490-FF213DB5FDE4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "google.de" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\G61025\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged folder moved successfully.
C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions folder moved successfully.
Folder C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Folder C:\Users\G61025\AppData\Roaming\mozilla\Firefox\Profiles\seis8rw4.default\extensions\staged\ not found.
C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll moved successfully.
C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\6321202soc0765034.pad moved successfully.
C:\Users\G61025\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3514906336-215413780-1860534044-1000Core.job moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\G61025\AppData\Local\Temp\4305670cos2021236.exe not found.
C:\Users\G61025\AppData\Local\Temp\~DEST folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{EB588FC7-B360-41B5-991F-3E353D8459DF} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DF2E4D11-8435-4651-A7EC-FDA8792CFCC9}\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DF2E4D11-8435-4651-A7EC-FDA8792CFCC9} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DECF93B2-293C-471D-9803-EB508CD7F814}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DECF93B2-293C-471D-9803-EB508CD7F814} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\Support\Readme folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\Support folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\GameData\Shared\NonPackaged folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\GameData\Shared folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\GameData folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\Game\Bin\StaticPages folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\Game\Bin\bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\Game\Bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1\Game folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{DD8B5A6C-251B-414E-90A9-AB15BA9C32C0} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D9FCC818-5828-42B8-9160-ABDF7C510BB9}\{7644E42D-B096-457F-8B5B-901238FC81AE} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D9FCC818-5828-42B8-9160-ABDF7C510BB9} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D7B89BDF-C2D7-4796-8929-DBC9FEFC2AF7}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D7B89BDF-C2D7-4796-8929-DBC9FEFC2AF7} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D7376DF6-53F2-45E0-977A-FA7272284BB6}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D7376DF6-53F2-45E0-977A-FA7272284BB6} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D4DE2428-336E-4B4F-8D44-B65E9C09E60C}\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{D4DE2428-336E-4B4F-8D44-B65E9C09E60C} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{CD3A52AA-D486-4886-B1AE-09DB5A8DB7B2}\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{CD3A52AA-D486-4886-B1AE-09DB5A8DB7B2} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C8729E78-9DB6-4995-B58A-9EB6C72CF107} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C7D371EB-33E4-4CB3-BAFB-4D524E7F35DA}\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C7D371EB-33E4-4CB3-BAFB-4D524E7F35DA} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C3ADEAE2-7CDA-46C2-85CC-698D4C4EBE22} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C2DF7BA8-9B56-4022-AD8B-F18105260F2E}\{C3A32068-8AB1-4327-BB16-BED9C6219DC7} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C2DF7BA8-9B56-4022-AD8B-F18105260F2E} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{C062083C-AA36-4241-8DB3-873DA2346D18} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{BB7F8CFE-8C01-4FCA-97A3-6175190AF1B1}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{BB7F8CFE-8C01-4FCA-97A3-6175190AF1B1} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{b2c272c1-8027-4c97-81bc-da423cce7249} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{B1B4839B-5704-4548-B687-0F6BAD3E0B42}\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{B1B4839B-5704-4548-B687-0F6BAD3E0B42} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{A80477EF-8F86-4349-A621-8C75F9238D89} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{A5F3FA4B-F1AF-447A-9E10-A0F872A4B092} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{9EF78064-14AB-4E3B-AC8E-9BD26D520973} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{9E8126D6-C867-4526-912A-61AB46BFA834} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{9A535C5F-F61E-4E44-AC06-3773CF763402} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8DF3FB07-AC8E-40B8-B799-20F6E6065CE6} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\Support\Readme folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\Support folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\GameData\Shared folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\GameData folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\Game\Bin\bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\Game\Bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1\Game folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{8BEDC754-9672-4846-A597-FC1BB18D3CD6} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\Support\Readme folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\Support folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\GameData\Shared folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\GameData folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\Game\Bin\bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\Game\Bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1\Game folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{81172837-1586-445A-AACF-09363963A97E} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{7D4C6D9C-9A83-45E4-B279-88103A309877} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{7733AD7D-B607-425E-A99C-6C61FD37D5D3} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{75BACCD8-4069-4B6F-8C28-555B41125A1D}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{75BACCD8-4069-4B6F-8C28-555B41125A1D} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\Support\Readme folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\Support folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\GameData\Shared folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\GameData folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\Game\Bin\bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\Game\Bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1\Game folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{635061C7-E28D-4749-B6BF-9E989E36BEBB} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{5DACFD08-F146-4766-B6FB-E6E36AFF020B}\{7644E42D-B096-457F-8B5B-901238FC81AE} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{5DACFD08-F146-4766-B6FB-E6E36AFF020B} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{4D32E872-66B2-43EB-B632-5CD8BE18FDFE}\Disk1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{4D32E872-66B2-43EB-B632-5CD8BE18FDFE} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{4CC60E53-8099-498F-9ECD-28D9E5F14F37}\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{4CC60E53-8099-498F-9ECD-28D9E5F14F37} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{492698FD-4264-4477-A903-7A36AFCD9B12} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{4655836F-080C-4D5B-8125-226CD4221EBB} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{421E6AA8-4980-4699-85DA-C7E72FA7529E} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{40BC8737-A418-4F7D-98FC-CD803A8DEC60} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{3CEFB844-EC5B-4DFC-BDCB-0B856C20077B} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{2F1D078F-8752-492B-8DAC-6648B9F1D206} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{1577FB5F-4CE1-45A7-A0C6-33A8D6B6A147} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{09A10E98-A286-4152-9547-20D4A65867C5} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{07BB214C-C0C8-486B-954D-74983ECCCA7F} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\{04ABF33D-C8E2-430F-9252-470FC253998A} folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\__SkypeDialog_Cache folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Word8.0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\VSD51B7.tmp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\VSD2818.tmp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\tmp3810.tmp.zipfolder folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files\Content.IE5\IYG673RM folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files\Content.IE5\FEVEUO20 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B7JXIXHU folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files\Content.IE5\9CYYCIDJ folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4NGJTWBA folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\TeamViewer\Version7 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\TeamViewer folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SilverStreakLog folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib\Sessions\C3RF68EFDCP9 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib\Sessions\9C946H9B6K2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib\Sessions\9C008FXS6K2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib\Sessions\5U822BKAY0P folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib\Sessions folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib\bin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SharePodLib folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\SAMSUNG folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-9 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-8 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-7 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-6 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-5 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-4 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-20 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-19 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-18 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-17 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-16 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-15 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-14 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-13 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-12 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-11 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-10 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\PicasaInstaller folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Picasa3\Picasa filecheck folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Picasa3 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\OIS\temp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\OIS\cacheFiles folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\OIS folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_F8F0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_F72C folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_F70C folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_C755 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_8DFE folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_7F9 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_7C52 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_6E5D folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_57A2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_4CE9 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp\tf_2F8A folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MsgrTemp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\msdtadmin folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\msdt folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\mozilla-media-cache folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MessengerCache\SessionCache folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MessengerCache folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MarkAny\ContentSafer folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MarkAny folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\MaglevExpressTemp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Low\Messenger Companion folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Low\ICQToolbar folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Low\Garmin Communicator Plug-In\2.9.3 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Low\Garmin Communicator Plug-In folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Low folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\KB2461678_10.0.30319 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\ImageDebug folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\hsperfdata_G61025 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\History folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\f69d2881-c23d-4c7c-82cc-69efd41b76f4 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\e1b92ea8-f486-4b11-ab33-fd92c14f3047 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\DPE folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Convert folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\BingBarInstallerLogs folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\b1d65e3e-4e75-4804-a122-36dff0499f12 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\AppleMediaValidatorCache folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\AppleMediaCache folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\APNScripts folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\APNLogs folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\APN-Stub folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\7zS20F7.tmp folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\7de36826-06f2-4679-9362-144feb863905 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\3483150252 (EU) folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\1a7d9c19-e921-4f28-aef1-9b362897b06a folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\10ffb78d78cb628c5d folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\09151700-000013d8-czaq60mv2p folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\09032312-000016b4-8dm7bg7wby folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\05031245-000017fc-bgpd2rlfla folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\04130335-00000d94-x97tjqg4ai folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\601_86_0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\601_64_0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600_86_1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600_86_0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600_64_2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600_64_1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600_64_0 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600S_86_2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600S_86_1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600S_64_2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang\600S_64_1 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\NoLang folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\GER\501_86_3 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\GER\501_86_2 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists\GER folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Whitelists folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\setup folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Configuration\GER folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Configuration folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD\live folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD\BootCDWizard\GER folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD\BootCDWizard folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD\boot\isolinux\GER folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD\boot\isolinux folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD\boot folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\BootCD folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\bd folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Avast5\Setup folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Avast5\defs folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC\Avast5 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01CD6BD6E6363FCC folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01191830-00001b98-p00xks87wj\Files folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01191830-00001b98-p00xks87wj folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\01191830-00001b98-lwoph7rxq9 folder moved successfully.
C:\Users\G61025\AppData\Local\Temp\.picasaoriginals folder moved successfully.
Folder move failed. C:\Users\G61025\AppData\Local\Temp scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\G61025\Desktop\cmd.bat deleted successfully.
C:\Users\G61025\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: G61025
->Temp folder emptied: 1005403661 bytes
->Temporary Internet Files folder emptied: 103006026 bytes
->Java cache emptied: 5851475 bytes
->FireFox cache emptied: 1161892655 bytes
->Google Chrome cache emptied: 45899321 bytes
->Flash cache emptied: 45528 bytes
User: Public
User: Slide X
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 318287607 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 12537748232 bytes
Total Files Cleaned = 14.475,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: G61025
->Flash cache emptied: 0 bytes
User: Public
User: Slide X
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 07282012_160239
Files\Folders moved on Reboot...
C:\Users\G61025\AppData\Local\Temp\Messenger Companion folder moved successfully.
C:\Users\G61025\AppData\Local\Temp folder moved successfully.
File\Folder C:\Users\G61025\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DF0B2532DA9179FED9.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DF319956698965B76C.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DF478425E461FF280C.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DF72A8C8975EDA8BF9.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DFB5F3D43C925AF85B.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DFCB12037DD27297A8.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DFCDE262A744531AEF.TMP not found!
File\Folder C:\Users\G61025\AppData\Local\Temp\~DFDF74F6DFA305AF36.TMP not found!
C:\Users\G61025\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
PendingFileRenameOperations files...
File C:\Users\G61025\AppData\Local\Temp not found!
File C:\Users\G61025\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\G61025\AppData\Local\Temp\~DF0B2532DA9179FED9.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DF319956698965B76C.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DF478425E461FF280C.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DF72A8C8975EDA8BF9.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DFB5F3D43C925AF85B.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DFCB12037DD27297A8.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DFCDE262A744531AEF.TMP not found!
File C:\Users\G61025\AppData\Local\Temp\~DFDF74F6DFA305AF36.TMP not found!
File C:\Users\G61025\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!
Registry entries deleted on Reboot...
Grüße, Sample43 |
|
28.07.2012, 15:27
| #4 |
| /// Helfer-Team | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
28.07.2012, 17:05
| #5 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Danke, unverändert. Die Modul-Meldung kommt immernoch nach jedem Neustart. Hier die Logfile von Malwarebytes' Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.23.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 G61025 :: G61025-HP [Administrator] Schutz: Aktiviert 28.07.2012 16:39:50 mbam-log-2012-07-28 (16-39-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 360394 Laufzeit: 1 Stunde(n), 5 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\_OTL\MovedFiles\07282012_160239\C_Users\G61025\AppData\Local\Temp\4305670cos2021236.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\G61025\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ging ja schnell. Hier noch die Logfile der adwcleaner.exe: AdwCleaner[R1].txt: Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/28/2012 at 18:07:27
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : G61025 - G61025-HP
# Running from : G:\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\G61025\AppData\Local\Ilivid Player
Folder Found : C:\Users\G61025\AppData\LocalLow\Bandoo
Folder Found : C:\Users\G61025\AppData\LocalLow\searchquband
Folder Found : C:\Users\G61025\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\G61025\AppData\Roaming\Bandoo
Folder Found : C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\Searchqutoolbar
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files (x86)\Ilivid
Folder Found : C:\Program Files (x86)\Windows iLivid Toolbar
File Found : C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\Askcom.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKLM\SOFTWARE\bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
[x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
[x64] Key Found : HKLM\SOFTWARE\DataMngr
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v20.0.1132.57
File : C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [9444 octets] - [28/07/2012 18:07:27]
########## EOF - C:\AdwCleaner[R1].txt - [9572 octets] ##########
|
|
28.07.2012, 21:10
| #6 |
| /// Helfer-Team | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Um das Modul kuemmern wir uns noch! Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? |
|
28.07.2012, 23:21
| #7 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Hier der Inhalt der AdwCleaner[S1].txt : Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/29/2012 at 00:17:03
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : G61025 - G61025-HP
# Running from : G:\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\G61025\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\G61025\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\G61025\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\G61025\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\G61025\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\Searchqutoolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\Windows iLivid Toolbar
File Deleted : C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
[x64] Key Deleted : HKLM\SOFTWARE\DataMngr
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\prefs.js
C:\Users\G61025\AppData\Roaming\Mozilla\Firefox\Profiles\seis8rw4.default\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v20.0.1132.57
File : C:\Users\G61025\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [9497 octets] - [28/07/2012 18:07:27]
AdwCleaner[R2].txt - [9557 octets] - [29/07/2012 00:16:53]
AdwCleaner[S1].txt - [7833 octets] - [29/07/2012 00:17:03]
########## EOF - C:\AdwCleaner[S1].txt - [7961 octets] ##########
|
|
29.07.2012, 12:50
| #8 |
| /// Helfer-Team | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Wo ist Emsisoft? |
|
29.07.2012, 12:58
| #9 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Schuldige, hab gestern nur das eine geschafft. Hier EmsiSoft: quarantine_120729-135710.txt : Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
quarantine log
Datum Ursprung Vorgang Verhalten/Infektion
29.07.2012 01:38:40 C:\HP\Bin\EndProcess.exe In Quarantäne gestellt Riskware.Win32.KillApp!E1
|
|
29.07.2012, 14:05
| #10 |
| /// Helfer-Team | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
29.07.2012, 14:07
| #11 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Oh, das waren wohl die falschen. Ich habe insgasamt drei mal gescant. Hier die Logs: Nummer 1: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 00:26:14
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 29.07.2012 00:27:37
C:\HP\Bin\EndProcess.exe gefunden: Riskware.Win32.KillApp!E1
Gescannt 613862
Gefunden 1
Scan Ende: 29.07.2012 01:33:43
Scan Zeit: 1:06:06
C:\HP\Bin\EndProcess.exe Quarantäne Riskware.Win32.KillApp!E1
Quarantäne 1
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 00:26:14
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 29.07.2012 01:39:14
Gescannt 613894
Gefunden 0
Scan Ende: 29.07.2012 13:14:58
Scan Zeit: 11:35:44
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 29.07.2012 00:26:14
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 29.07.2012 13:59:40
Gescannt 613833
Gefunden 0
Scan Ende: 29.07.2012 14:44:13
Scan Zeit: 0:44:33
Gruß, Sample43 |
|
29.07.2012, 14:10
| #12 |
| /// Helfer-Team | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
29.07.2012, 17:37
| #13 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Hier die Logilfe des ESET Online Scanners: log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=67f420ecb63e064f886367e713945321
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 04:27:40
# local_time=2012-07-29 06:27:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 56125 80101345 47404 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 8132 95199332 0 0
# compatibility_mode=8192 67108863 100 0 1401 1401 0 0
# scanned=274637
# found=1
# cleaned=1
# scan_time=9777
F:\Programme\Microsoft.Office.Professional.Plus.2010.x64.German.VL.Edition\Office 2010 x64 GER.iso Win32/HackKMS.A Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C
|
|
29.07.2012, 18:18
| #14 |
| /// Helfer-Team | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
29.07.2012, 23:02
| #15 |
| | GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? Erledigt (; Was nun? |
|
| Themen zu GUV 2.07 auf Win 7 64-Bit. Logfiles erstellt, was nun? |
| 64-bit, antivir, autorun, avira, bandoo, bho, bingbar, bonjour, computer, ctfmon.lnk, entfernen, error, excel, failed, fehler, firefox, flash player, guv 2.07, gvu 2.07, home, igdpmd64.sys, install.exe, launch, limited.com/facebook, logfile, mozilla, office 2007, officejet, plug-in, problem, realtek, registry, rundll, scan, searchqu toolbar, searchscopes, security, software, verschlüsselungstrojaner, virus, windows 7, zahlung |
Linear-Darstellung
