Hello, I don't really know my way around this, but I ran the OTL scan and got two .txt files. I had the police virus yesterday, and today I did a system restore; everything worked again, but I don't know whether the virus is still on the PC or not. Can someone help me, please?

Extras.txt

OTL Extras logfile created on: 8/6/2012 8:46:57 AM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Anita\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.93 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 34.17% Memory free
3.86 Gb Paging File | 2.39 Gb Available in Paging File | 61.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 89.50 Gb Free Space | 31.87% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.01 Gb Free Space | 0.37% Space Free | Partition Type: FAT32
Drive J: | 2.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: ANITA-HP | User Name: Anita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1500055201-2305092131-526482335-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02E63C1D-8D05-4E3C-9A2B-69B2434B1B8F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0761C39F-0F02-42E9-A6F3-FE13E2EB5217}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3C8CC9C0-214F-43D8-BC5C-F8F249ED11A1}" = lport=137 | protocol=17 | dir=in | app=system | "{4B8983AF-E771-4E0A-9963-5B95CBFA80A1}" = lport=139 | protocol=6 | dir=in | app=system | "{60445DB8-4B22-41D0-8339-07E256E02D14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{61C36E70-36E2-452B-90BF-CF9BD4040F21}" = rport=445 | protocol=6 | dir=out | app=system | "{68BD3B5E-BA19-4F55-BBD4-636B5D2B08A9}" = 
rport=137 | protocol=17 | dir=out | app=system | "{6F3B8937-2703-46C7-9E89-611E177CAFDB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{85AE2B11-A84C-4790-B3CB-88C327D717B0}" = rport=139 | protocol=6 | dir=out | app=system | "{87399AB8-98B4-45A5-9ED8-2CAD8BBAFE0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{96B1293E-E083-48E9-A376-936D9C582794}" = lport=138 | protocol=17 | dir=in | app=system | "{9B213277-6523-4591-BA59-6CC56253A723}" = lport=445 | protocol=6 | dir=in | app=system | "{C1A68497-F47E-45B8-BAE1-DFBA4DC29EB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D62188D4-AE1C-4656-B370-4F50E0C91228}" = rport=138 | protocol=17 | dir=out | app=system | "{FB6B7B3E-FC41-4BE6-BBF9-954DA84FBFDF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE8ECB7B-BC2B-4AE7-BF73-794E340BB77F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04102E85-7B9F-44EF-A9FF-CEF40883472B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1885650D-5B72-4EB6-9557-FAE533C1C9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{1AC0F0AA-D023-46A2-84C9-2AFEA5C21B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{24118B07-29C9-44EC-9AC2-A6D2B32BB72E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{28B80893-576C-48E6-ABEB-E9FB647EBA4F}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{2DEF2932-1475-4367-B51A-B8B2F370BDB9}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed 
virusscan\agent\myagtsvc.exe | "{2ED240DA-8006-4821-959B-CB0A7270F424}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | "{37496FF5-AD4B-41D7-80D7-94205680535E}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-x.x.x.x- | "{53B2501E-8506-49B0-95C4-E09CF431056F}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{615A27E7-B11B-41AB-8394-6C04434D5F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{61B308F7-FE7A-45F9-BCFD-BF5B5A01A30B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{63DF8725-59A3-48AD-AF1C-F74CFB8CB898}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | "{6F3A50F7-5499-40D0-9372-3464420954C2}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | "{703CBBFB-83EF-45B7-89A5-C25ACAFF76BD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{768BA583-F15E-4793-B05E-ABCFE1581BC5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{8BE998E9-F885-480F-B3FC-457715692C63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8CA6F511-47E2-49E9-90B4-B8D3B453BDDB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{9311A265-5A0F-4AAE-97CA-0B6773F4AFB4}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-x.x.x.x- | "{97ADDA35-0392-42E8-B79A-BF06283568CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A82234C1-3A97-4995-ABC3-214AEBC7E08B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A848CE43-F567-4381-9648-CB97A26446F0}" = dir=in | app=c:\users\anita\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{A9F1A5A1-095F-4EC4-888C-792147786BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{AA0C1ADB-9C62-4CA9-848D-62FC251C80E9}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | "{AD192918-F204-4F1C-BAE9-BF5C4E769322}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{B49CCACE-0E28-4E35-8C2B-9BEDF3AAEFFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C664E82C-66E1-4321-AF1D-946A436B2EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{CE073DEC-331A-42E0-8B57-8F6D46C35848}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{DEBD91C0-650C-49B6-A3A7-B0C558947863}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{E3321955-3AEC-414F-AC42-FE34BCB4258F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E5E0AF18-D7C2-416D-8A41-06A66FC26E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "TCP Query User{0AF8510E-E8E2-45F7-BB3D-F521EECBB0E5}C:\program files (x86)\atube catcher\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atube catcher\yct.exe | "TCP Query User{22E25053-F900-4107-8C08-E89E47937BE4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{3AD5D3F5-9A80-4CBE-84BD-F3C6C7C23BEC}C:\world of warcraft\temp\wow-" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow- | "TCP Query User{3BDAE99F-8D4D-47B6-B0B1-14D2AF82BD46}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{4052483F-AC58-49D8-A81F-BF08DF236465}C:\users\anita\downloads\cityvillebot\cvbot.exe" = protocol=6 | dir=in | app=c:\users\anita\downloads\cityvillebot\cvbot.exe | "TCP Query User{40E07635-F56A-4155-8B6A-369528C0B989}C:\world of warcraft\temp\wow-" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow- | "TCP Query User{4687FD7F-6ABF-420D-B824-55B326305351}C:\users\anita\appdata\local\temp\rar$ex00.291\cityvillebot\cvbot.exe" = protocol=6 | dir=in | 
app=c:\users\anita\appdata\local\temp\rar$ex00.291\cityvillebot\cvbot.exe | "TCP Query User{4F1FF232-5BB1-4C38-9CD2-CD1729C41685}C:\program files (x86)\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\charles\charles.exe | "TCP Query User{55871ABD-B205-4098-A540-FAD82B998618}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | "TCP Query User{6717B152-B224-4AB4-8612-C94780C2BD1A}C:\program files (x86)\cityvillebot\cvbot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cityvillebot\cvbot.exe | "TCP Query User{67A3B968-82B2-4494-B40A-AE5F899BC8F9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{8628F8DF-60EA-478D-B11E-4716228613F0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{875608D7-5B91-47AF-9B62-F8173272E852}C:\users\anita\desktop\cityvillebot\cvbot.exe" = protocol=6 | dir=in | app=c:\users\anita\desktop\cityvillebot\cvbot.exe | "TCP Query User{AF39A942-33CE-4D05-B1EB-CE21F9344D7F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{C292882C-890A-4AD3-9123-7E532CB50414}C:\users\anita\appdata\local\temp\rar$ex00.059\cityvillebot\cvbot.exe" = protocol=6 | dir=in | app=c:\users\anita\appdata\local\temp\rar$ex00.059\cityvillebot\cvbot.exe | "TCP Query User{CA011C06-006B-4D6D-8D3F-0E94CF188531}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | "TCP Query User{FF0A36DA-6309-4ADB-9A99-36C50E2B3781}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | "UDP Query User{00688CF9-CE55-47E1-952F-C33FF05DD236}C:\program files 
(x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{03BC6F65-FF80-43F3-9D4B-7DA0CD74BAED}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe | "UDP Query User{03E02DE5-A0D3-454E-8233-77C965910280}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{113C7DEC-B501-4DE0-A9C3-1686F9407672}C:\users\anita\desktop\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=c:\users\anita\desktop\cityvillebot\cvbot.exe | "UDP Query User{28615E4C-92B2-446D-91DF-39AFB995B079}C:\users\anita\appdata\local\temp\rar$ex00.291\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=c:\users\anita\appdata\local\temp\rar$ex00.291\cityvillebot\cvbot.exe | "UDP Query User{3277CD53-4C5B-4926-93B7-8E1B69898BC9}C:\program files (x86)\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cityvillebot\cvbot.exe | "UDP Query User{3352ACC7-B79A-4A7B-8FA6-FE763F5BA8E2}C:\world of warcraft\temp\wow-" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow- | "UDP Query User{3B2829FC-A1C7-4922-A110-A0A6D130BF69}C:\world of warcraft\temp\wow-" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow- | "UDP Query User{4D7F92D1-1AA7-47F8-AE86-A5F86A40201B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{4F720C23-DB2D-40D8-9D1A-23A8D256FD60}C:\program files (x86)\atube catcher\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atube catcher\yct.exe | "UDP Query User{620DD6C1-24DA-4848-AEA8-49248ED143C7}C:\program files (x86)\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free video zilla\fvzilla.exe | "UDP Query 
User{6ABDFD60-B699-4FD7-9CBD-51A82A90A4B8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{CDCAC197-7386-4EC3-9102-A01066AAF70E}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | "UDP Query User{CFCB15DB-CE9F-40A8-98C0-6C98CE7FD1C5}C:\users\anita\downloads\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=c:\users\anita\downloads\cityvillebot\cvbot.exe | "UDP Query User{E7199946-E4E5-468C-B8F2-E14490C1BBE3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{F2052407-5D79-4CC8-922D-DD25872FD7E0}C:\users\anita\appdata\local\temp\rar$ex00.059\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=c:\users\anita\appdata\local\temp\rar$ex00.059\cityvillebot\cvbot.exe | "UDP Query User{F92F0183-751F-4A59-8245-1E6F7EF99B5B}C:\program files (x86)\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\charles\charles.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{35E7875D-C1E5-4D7D-99AF-07CA5F4250BB}" = NXPowerLite "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1" = Ralink Motorola BC4 Bluetooth 3.0+HS Adapter "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem 
Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}" = HP ESU for Microsoft Windows 7 "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck 
component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A0FD0E8-7825-468D-8808-A5D63B11777B}" = HP Software Framework "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{436bfd62-0f20-49b6-9a64-3bfbedc4ed67}" = Nero 9 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1" = Mouse Recorder Pro 1.3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer 
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10 "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus 
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Pro" = DAEMON Tools Pro "DealPly" = DealPly "DivX Setup.divx.com" = DivX Setup "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IsoBuster_is1" = IsoBuster 2.8.5 "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDF Complete" = PDF Complete Special Edition "The KMPlayer" = The KMPlayer (remove only) "Tobit Radio.fx Server" = Radio.fx "UltraISO_is1" = UltraISO Premium V9.52 "VLC media player" = VLC media player 1.1.5 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1500055201-2305092131-526482335-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/25/2012 11:32:16 AM | Computer Name = Anita-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 4/25/2012 6:30:42 PM | Computer Name = Anita-HP | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. 
Error - 4/26/2012 7:42:01 PM | Computer Name = Anita-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 4/26/2012 7:52:27 PM | Computer Name = Anita-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.

Error - 4/26/2012 11:13:08 PM | Computer Name = Anita-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 4/26/2012 11:13:08 PM | Computer Name = Anita-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 4/27/2012 7:02:17 PM | Computer Name = Anita-HP | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 4/28/2012 5:07:43 PM | Computer Name = Anita-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.

Error - 4/29/2012 1:05:46 PM | Computer Name = Anita-HP | Source = Windows Backup | ID = 4104
Description =

Error - 4/29/2012 5:37:54 PM | Computer Name = Anita-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.

[ System Events ]
Error - 8/6/2012 2:02:52 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 8/6/2012 2:02:52 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 8/6/2012 2:02:52 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 8/6/2012 2:02:52 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 8/6/2012 2:02:57 AM | Computer Name = Anita-HP | Source = DCOM | ID = 10005
Description =

Error - 8/6/2012 2:03:48 AM | Computer Name = Anita-HP | Source = DCOM | ID = 10005
Description =

Error - 8/6/2012 2:06:45 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 8/6/2012 2:06:48 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 8/6/2012 2:06:48 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 8/6/2012 2:09:54 AM | Computer Name = Anita-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

OTL.txt

OTL logfile created on: 8/6/2012 8:46:57 AM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Anita\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1.93 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 34.17% Memory free
3.86 Gb Paging File | 2.39 Gb Available in Paging File | 61.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 89.50 Gb Free Space | 31.87% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.01 Gb Free Space | 0.37% Space Free | Partition Type: FAT32
Drive J: | 2.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANITA-HP | User Name: Anita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Anita\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (lxbc_device) -- C:\Windows\SysWOW64\lxbccoms.exe ( )

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (zghsmdm) -- C:\Windows\SysNative\drivers\zghsmdm.sys (ZTE Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (BTMNET) -- C:\Windows\SysNative\drivers\btmnet.sys (Motorola, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Motorola, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3419A091-2E44-40B3-A50D-BEA235EBEE82}
IE:64bit: - HKLM\..\SearchScopes\{3419A091-2E44-40B3-A50D-BEA235EBEE82}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {3419A091-2E44-40B3-A50D-BEA235EBEE82}
IE - HKLM\..\SearchScopes\{3419A091-2E44-40B3-A50D-BEA235EBEE82}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=80478b3c000000000000e02a822525a0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=80478b3c000000000000e02a822525a0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{3419A091-2E44-40B3-A50D-BEA235EBEE82}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost,"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Anita\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/10 06:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/31 14:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/31 14:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Ge org Internet Manager\Bin\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files (x86)\Flock\components [2011/06/23 11:39:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2011/07/30 13:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 21:13:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 11:26:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 21:13:41 | 000,000,000 | ---D | M]

[2011/03/03 10:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anita\AppData\Roaming\mozilla\Extensions
[2011/03/03 10:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anita\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/08/04 06:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\zllphj7p.default\extensions
[2012/07/07 12:08:44 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\zllphj7p.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2012/07/23 14:08:52 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\zllphj7p.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011/02/03 19:33:47 | 000,001,832 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\bing.xml
[2012/08/04 05:46:31 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-1.xml
[2012/05/12 21:14:54 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-10.xml
[2012/05/15 20:18:36 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-11.xml
[2011/08/17 20:58:44 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-2.xml
[2011/09/02 11:52:31 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-3.xml
[2011/09/13 07:50:42 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-4.xml
[2011/10/12 10:34:05 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-5.xml
[2011/11/10 19:53:41 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-6.xml
[2011/12/22 20:05:59 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-7.xml
[2012/02/02 17:01:00 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-8.xml
[2012/03/14 21:28:17 | 000,000,950 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin-9.xml
[2011/06/22 12:34:14 | 000,001,056 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\icqplugin.xml
[2011/02/03 19:33:45 | 000,009,966 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\zllphj7p.default\searchplugins\mywebsearch.xml
[2012/06/06 10:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/02/10 20:18:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/04 06:07:48 | 000,021,524 | ---- | M] () (No name found) -- C:\USERS\ANITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZLLPHJ7P.DEFAULT\EXTENSIONS\LEETHAX@LEETHAX.NET.XPI
[2012/07/19 11:26:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 20:12:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/27 08:47:57 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/20 20:12:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 20:12:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/20 20:12:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/20 20:12:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/20 20:12:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24372355-2731-4E2F-8D17-81FDE2AF7DEF}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63EBB47E-3CF1-4C95-8CAD-5184A5C4CE07}: DhcpNameServer = O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/30 22:53:28 | 000,000,048 | R--- | M] () - J:\autorun.inf -- [ UDF ] O33 - MountPoints2\{6c5e4413-459a-11e0-890f-6431506c3935}\Shell - "" = AutoRun O33 - MountPoints2\{6c5e4413-459a-11e0-890f-6431506c3935}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{8a4f8e88-45a4-11e1-9a0c-e02a822525a0}\Shell - "" = AutoRun O33 - MountPoints2\{8a4f8e88-45a4-11e1-9a0c-e02a822525a0}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{8a4f8e88-45a4-11e1-9a0c-e02a822525a0}\Shell\readit\command - "" = notepad readme.doc O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/06 08:29:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe [2012/08/05 23:07:59 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\hellomoto [2012/08/03 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{B4142080-AD02-4FAC-A7C2-5ED7E1702CC7} [2012/08/03 14:01:35 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\Macromedia [2012/08/03 13:58:29 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/08/03 13:58:26 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2012/08/03 13:54:36 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{FAF02FCA-9D2F-4F73-B5E6-D480E3B2F3D9} [2012/08/03 10:18:30 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\TuneUp Software [2012/08/03 10:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012/08/03 10:18:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/08/03 10:18:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/08/03 10:11:49 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\OpenCandy [2012/08/03 10:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2 [2012/08/03 10:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2012/08/01 17:10:14 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{134240C0-60FB-42E4-B630-F5B4A5F45A07} [2012/07/30 14:56:51 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{3C5C8EED-DAF1-49C5-982D-0F6AAB4DD74F} [2012/07/30 14:55:34 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{863DED0D-BB44-4D28-9072-C05A59205057} [2012/07/27 06:19:58 | 000,000,000 | 
---D | C] -- C:\Users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012/07/25 15:31:56 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{D19D8109-0854-4507-ABFC-08EEB23517DA} [2012/07/24 21:26:18 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{579B0E1F-54D4-490B-8340-F1CE5A2832C3} [2012/07/24 09:25:14 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{30F579C7-4C84-4F4E-9461-7A8139CBFF3B} [2012/07/23 20:52:59 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{C2613698-24D2-4A3B-ABD4-3D6B1E2BC2C4} [2012/07/23 08:52:21 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{35261C4E-CEAD-4849-A131-2BF4A8950721} [2012/07/22 20:50:51 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{09D93C69-E484-4C6C-8C1C-839B54F78988} [2012/07/22 20:49:52 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{DF43893B-E122-4524-AC38-7170777B2243} [2012/07/20 12:46:47 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{C10E3839-62A0-4EEA-81D3-94046B665495} [2012/07/20 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{F95FA567-B018-4961-8491-95021242F0B9} [2012/07/19 16:24:40 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\Apple Computer [2012/07/19 16:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/07/19 16:23:54 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll [2012/07/19 16:23:54 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll [2012/07/19 16:23:54 | 000,034,152 | ---- | C] (GEAR Software Inc.) 
-- C:\windows\SysNative\drivers\GEARAspiWDM.sys [2012/07/19 16:23:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE [2012/07/19 16:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/07/19 16:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/07/19 16:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/07/19 16:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/07/19 16:20:46 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\Apple [2012/07/19 16:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/07/19 16:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012/07/19 16:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/07/19 16:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012/07/19 16:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/07/19 16:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012/07/19 00:11:40 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{C1BD0F7E-715B-44F6-B09B-BE7DCAB3D272} [2012/07/19 00:10:34 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{81D5D725-2834-422F-9EA4-C8371E4FB7A5} [2012/07/12 10:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll [2012/07/12 10:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll [2012/07/12 10:26:22 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\{ED51566B-DAB9-468D-AFC2-B4CFE09BF8A1} [2012/07/12 09:55:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/07/12 09:55:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/07/12 09:55:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/07/12 09:55:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\url.dll [2012/07/12 09:54:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/07/12 09:54:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/07/12 09:54:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/07/12 09:54:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/07/12 09:54:57 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/07/12 09:54:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/07/12 09:54:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/07/12 09:54:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/07/12 09:54:56 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/07/11 22:03:55 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll [2012/07/11 22:03:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll [2012/07/11 22:03:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2012/07/11 22:03:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2012/07/11 22:02:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll ========== Files - Modified Within 30 Days ========== [2012/08/06 09:00:23 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/06 08:59:09 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1500055201-2305092131-526482335-1001UA.job [2012/08/06 08:30:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe [2012/08/06 08:15:06 | 000,019,760 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 08:15:04 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 08:13:32 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/06 08:06:49 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/06 08:06:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/05 06:07:02 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1500055201-2305092131-526482335-1001Core.job [2012/08/03 15:01:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/08/03 15:01:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/03 13:52:42 | 000,003,728 | ---- | M] () -- C:\bootsqm.dat [2012/08/03 10:11:41 | 000,001,085 | ---- | M] () -- C:\Users\Anita\Desktop\Cheat Engine.lnk [2012/07/28 19:39:19 | 001,509,052 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/07/28 19:39:19 | 000,658,390 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/07/28 19:39:19 | 000,619,636 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/07/28 19:39:19 | 000,131,490 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/07/28 19:39:19 | 000,107,698 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/07/25 18:04:35 | 000,321,786 | R--- | M] () -- C:\Users\Anita\Desktop\2009RKL_EPG_AbweichungenvomEherecht_PlenumNR_Final.pdf [2012/07/19 16:24:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/13 14:47:34 | 000,272,842 | R--- | M] () -- C:\Users\Anita\Desktop\Domino_tierABC.pdf [2012/07/13 14:35:54 | 000,004,096 | -H-- | M] () -- C:\Users\Anita\AppData\Local\keyfile3.drm [2012/07/12 10:21:10 | 004,938,352 | ---- | M] () -- 
C:\windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/08/03 13:58:45 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/03 13:52:42 | 000,003,728 | ---- | C] () -- C:\bootsqm.dat [2012/08/03 10:11:41 | 000,001,085 | ---- | C] () -- C:\Users\Anita\Desktop\Cheat Engine.lnk [2012/07/25 18:04:33 | 000,321,786 | R--- | C] () -- C:\Users\Anita\Desktop\2009RKL_EPG_AbweichungenvomEherecht_PlenumNR_Final.pdf [2012/07/19 16:24:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/07/19 16:20:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/07/13 14:47:33 | 000,272,842 | R--- | C] () -- C:\Users\Anita\Desktop\Domino_tierABC.pdf [2012/07/13 14:35:54 | 000,004,096 | -H-- | C] () -- C:\Users\Anita\AppData\Local\keyfile3.drm [2012/06/10 20:43:56 | 000,210,032 | ---- | C] () -- C:\windows\SysWow64\DBCLIENT.DLL [2012/05/05 19:18:27 | 000,000,290 | ---- | C] () -- C:\windows\Lexstat.ini [2012/05/05 19:17:35 | 000,995,328 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcusb1.dll [2012/05/05 19:17:35 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcpmui.dll [2012/05/05 19:17:35 | 000,413,696 | ---- | C] () -- C:\windows\SysWow64\lxbcutil.dll [2012/05/05 19:17:35 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcinpa.dll [2012/05/05 19:17:35 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxbciesc.dll [2012/05/05 19:17:35 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\LXBCinst.dll [2012/05/05 19:17:34 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcserv.dll [2012/05/05 19:17:34 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxbchbn3.dll [2012/05/05 19:17:34 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxbccomc.dll [2012/05/05 19:17:34 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxbclmpm.dll [2012/05/05 19:17:34 | 000,537,520 | ---- | C] ( ) -- 
C:\windows\SysWow64\lxbccoms.exe [2012/05/05 19:17:34 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxbccomm.dll [2012/05/05 19:17:34 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcih.exe [2012/05/05 19:17:34 | 000,381,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxbccfg.exe [2012/05/05 19:17:34 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcppls.exe [2012/05/05 19:17:34 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcprox.dll [2012/05/05 19:17:34 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxbcpplc.dll [2012/04/30 22:23:56 | 000,000,489 | ---- | C] () -- C:\Users\Anita\Toshiba HDD (H) - Verknüpfung.lnk [2012/03/22 20:27:35 | 000,062,558 | ---- | C] () -- C:\Users\Anita\3221134942_00c66c2eb1.jpg [2012/01/25 18:10:06 | 000,554,496 | ---- | C] () -- C:\windows\SysWow64\dvmsg.dll [2011/11/21 11:55:35 | 000,507,469 | R--- | C] () -- C:\Users\Anita\Pinguin_Picknick-Anleitung.pdf [2011/07/30 21:48:44 | 000,000,032 | -HS- | C] () -- C:\Users\Anita\AppData\Roaming\{b9c903e0-c592-11df-851a-0800200c9a66}.dat [2011/07/30 13:20:09 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI [2011/06/15 20:50:25 | 000,015,360 | ---- | C] () -- C:\Users\Anita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/23 11:03:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations [2011/03/23 11:03:32 | 000,000,268 | RH-- | C] () -- C:\Users\Anita\AppData\Roaming\Light Machine [2011/03/23 11:03:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2011/03/23 11:02:23 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Logs [2011/03/23 11:02:23 | 000,000,268 | RH-- | C] () -- C:\Users\Anita\AppData\Roaming\Libraries [2011/03/23 11:02:23 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011/02/17 20:58:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/31 12:55:42 | 001,529,464 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010/12/05 06:23:50 | 000,014,051 | ---- | C] () -- 
C:\windows\SysWow64\RaCoInst.dat ========== LOP Check ========== [2011/11/25 15:13:32 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Anarchy [2011/10/27 08:47:54 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Babylon [2011/02/07 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Canneverbe Limited [2011/02/17 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Charles [2011/09/21 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Cocoon Software [2011/07/29 16:41:21 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\com.socialbox.socialbox [2012/01/24 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\DAEMON Tools Pro [2011/08/08 22:16:35 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\DVDVideoSoft [2011/08/08 22:16:28 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/23 11:39:29 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Flock [2011/07/24 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Friday's games [2011/03/02 09:14:08 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\FVZilla [2011/02/24 16:40:51 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Ge org Internet Manager [2011/10/27 08:53:33 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\GetRightToGo [2012/08/05 23:08:07 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\hellomoto [2012/06/30 22:36:19 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\ICQ [2011/01/31 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Local [2011/11/27 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\MPEG Streamclip [2012/06/10 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mresreg [2011/03/23 11:42:17 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Nikon [2012/08/03 10:11:49 | 000,000,000 | ---D | M] -- 
C:\Users\Anita\AppData\Roaming\OpenCandy [2011/02/19 13:08:24 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\OpenOffice.org [2011/02/28 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Petrax Software [2011/08/23 09:28:20 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Phantasmat_intenium_se [2011/03/23 10:28:54 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Samsung [2012/07/18 18:06:43 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\SoftGrid Client [2012/08/03 14:05:20 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Spotify [2011/10/27 08:48:01 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\SumatraPDF [2012/01/25 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Tobit [2011/01/31 12:59:48 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\TP [2011/08/14 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\TS3Client [2011/02/28 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\TubeBox [2012/08/03 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\TuneUp Software [2011/02/28 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Windows Live Writer [2011/11/27 19:38:42 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\XMedia Recode [2012/08/05 06:07:02 | 000,001,116 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1500055201-2305092131-526482335-1001Core.job [2012/08/06 08:59:09 | 000,001,138 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1500055201-2305092131-526482335-1001UA.job [2012/04/23 21:04:54 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:9AEE100C @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:94A19129 < End of report > |
Fixing with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your Desktop (nowhere else).
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3419A091-2E44-40B3-A50D-BEA235EBEE82}
IE:64bit: - HKLM\..\SearchScopes\{3419A091-2E44-40B3-A50D-BEA235EBEE82}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {3419A091-2E44-40B3-A50D-BEA235EBEE82}
IE - HKLM\..\SearchScopes\{3419A091-2E44-40B3-A50D-BEA235EBEE82}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=80478b3c000000000000e02a822525a0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=80478b3c000000000000e02a822525a0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{3419A091-2E44-40B3-A50D-BEA235EBEE82}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost,"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-21-1500055201-2305092131-526482335-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 22:53:28 | 000,000,048 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6c5e4413-459a-11e0-890f-6431506c3935}\Shell - "" = AutoRun
O33 - MountPoints2\{6c5e4413-459a-11e0-890f-6431506c3935}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{8a4f8e88-45a4-11e1-9a0c-e02a822525a0}\Shell - "" = AutoRun
O33 - MountPoints2\{8a4f8e88-45a4-11e1-9a0c-e02a822525a0}\Shell\AutoRun\command - "" = D:\autorun.exe
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:94A19129
[2011/10/27 08:47:54 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Babylon
[2012/08/05 23:07:59 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\hellomoto
[2012/08/06 09:00:23 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 08:59:09 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1500055201-2305092131-526482335-1001UA.job
[2012/08/06 08:13:32 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 08:06:49 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 06:07:02 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1500055201-2305092131-526482335-1001Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
#3
No response

To free up capacity for others seeking help, I am removing this topic from my notifications. Should you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.
