Log analysis and evaluation: BKA Virus 09.08.2012
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.08.2012, 14:01 | #1 |
BKA Virus 09.08.2012
Hello, after I posted my problem with Google here earlier, http://www.trojaner-board.de/121627-...tml#post887595, I got a new problem shortly afterwards. The BKA virus screen appeared on my machine (only once so far). I have now run another scan and hope for your help. Thanks
Code:
OTL logfile created on: 09.08.2012 15:51:27 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\David\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,76% Memory free
6,17 Gb Paging File | 4,86 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): e:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 4,68 Gb Free Space | 8,00% Space Free | Partition Type: NTFS
Drive D: | 1338,66 Gb Total Space | 13,84 Gb Free Space | 1,03% Space Free | Partition Type: NTFS
Drive E: | 454,38 Gb Total Space | 24,57 Gb Free Space | 5,41% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 34,86 Gb Free Space | 7,48% Space Free | Partition Type: NTFS
Drive H: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.09 11:04:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe PRC - [2012.07.22 21:34:12 | 001,193,176 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.07.22 08:07:55 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.22 18:50:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.04.04 03:20:57 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe PRC - [2010.12.01 11:13:13 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe PRC - [2010.12.01 11:13:13 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2010.11.03 10:15:30 | 004,360,896 | ---- | M] (Almico Software (www.almico.com)) -- D:\Programme\SpeedFan\speedfan.exe ========== Modules (No Company Name) ========== MOD - [2012.08.09 15:48:17 | 000,192,512 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\sfamcc00001.dll MOD - [2012.08.09 15:48:17 | 000,172,032 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\sfareca00001.dll MOD - [2012.08.03 02:35:20 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll MOD - [2012.07.22 21:34:12 | 001,193,176 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.07.22 08:07:54 | 002,003,424 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.11.20 05:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 05:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.12.05 
14:02:44 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV:64bit: - [2011.07.29 09:45:28 | 000,198,536 | ---- | M] (Daum Communications Corp.) [On_Demand | Stopped] -- C:\Program Files\Daum\Cleaner\DaumCleanerService.exe -- (DaumCleanerService) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.08.06 12:22:49 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.14 16:53:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- D:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.05.22 18:50:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.04.04 03:20:57 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.12.01 11:13:13 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2010.07.08 15:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- d:\Programme\TightVNC\tvnserver.exe -- (tvnserver) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- d:\Programme\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.07.13 02:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.09 13:01:15 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.04.22 01:10:47 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.04.22 01:10:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.16 19:49:00 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2010.08.24 10:45:08 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp) DRV:64bit: - [2010.08.16 16:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2010.08.16 16:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.05.20 16:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010.04.27 07:34:00 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3) DRV:64bit: - [2009.11.11 18:41:06 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64) DRV:64bit: - [2009.11.03 18:19:16 | 000,067,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\U46DRV.sys -- (U46_AA) DRV:64bit: - [2009.11.03 18:19:16 | 000,033,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\U46wdm.sys -- (U46WDM1_01) DRV:64bit: - [2009.10.16 22:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr) DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 02:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch) DRV:64bit: - [2009.07.06 16:33:50 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc) DRV:64bit: - [2009.07.06 16:32:36 | 000,658,432 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.10.22 16:08:20 | 000,131,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0621.sys -- (SaiK0621) DRV - [2011.10.25 12:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daum.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 80 4A 74 7E E4 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3A40E547-20FD-44a2-94D0-1C98342D1507}: "URL" = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js - File not found FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Programme\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
(Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: d:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: d:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\David\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\David\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: d:\Programme\Mozilla Firefox 4.0 Beta 11\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: d:\Programme\Mozilla Firefox 4.0 Beta 11\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: d:\Programme\Mozilla Firefox\components [2012.07.22 08:07:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2012.05.22 09:01:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: d:\Programme\Mozilla Thunderbird\components [2012.05.22 09:01:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: d:\Programme\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.07.22 08:07:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.05.22 09:01:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Programme\Mozilla Firefox 4.0\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Programme\Mozilla Firefox 4.0\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: D:\Programme\Mozilla Firefox 4.0 Beta 11\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: D:\Programme\Mozilla Firefox 4.0 Beta 11\plugins [2011.11.25 17:45:28 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions [2011.11.25 17:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.08.09 12:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions [2012.07.10 18:19:10 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66} [2012.07.28 13:39:20 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012.05.09 15:36:37 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2012.05.09 15:36:36 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012.03.30 09:03:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.02 07:15:29 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\crossriderapp3491@crossrider.com [2012.08.02 08:54:15 | 000,000,000 | ---D | M] (Schnäppchenfuchs Gutscheinfinder) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\firefox@schnaeppchenfuchs.com [2012.05.22 09:55:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\rc9wq55f.default\extensions\ich@maltegoetz.de ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: 
search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = d:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = 
C:\Users\David\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Winamp Application Detector (Enabled) = d:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Google Update (Enabled) = C:\Users\David\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Veetle TV Player (Enabled) = d:\Programme\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = d:\Programme\Veetle\plugins\npVeetle.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Show Ratings in Youtube Search Results = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhgiglajjkfojfmceegddkgcgmjdiem\1.2.1_0\ CHR - Extension: Xmarks Bookmark Sync = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\ CHR - Extension: Xmarks Bookmark Sync = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak CHR - Extension: WOT = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.0_0\ CHR - Extension: Audiotool = C:\Users\David\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\ CHR - Extension: SmoothScroll = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\0.5_0\ CHR - Extension: Quick Earth = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeojemadjmljlaldbfijdpgjlheoghm\2.2_0\ CHR - Extension: Lookup Companion for Wikipedia = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\1.8.3_0\ CHR - Extension: pro grey = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhpebdanojkmhbbneclbkmpleemilaj\1.0_0\ CHR - Extension: PanicButton = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\ CHR - Extension: AdBlock = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: SearchPreview = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\2.7_0\ CHR - Extension: TabJump - Intelligenter Tab-Navigator = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9_0\ CHR - Extension: Date Today = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgknbehalhkedjgfhiaindklahhkccc\1.0.5_0\ CHR - Extension: Google Mail-Checker = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\ CHR - Extension: FastestChrome - Browse Faster = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.4.6_0\ CHR - Extension: Vid-Saver = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.18.26_1\crossrider CHR - Extension: Vid-Saver = C:\Users\David\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.18.26_1\ O1 HOSTS File: ([2011.09.21 14:42:00 | 000,000,950 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 mp02.maniaplanet.com O1 - Hosts: 127.0.0.1 mp01.maniaplanet.com O1 - Hosts: 127.0.0.1 mp03.maniaplanet.com O1 - Hosts: 127.0.0.1 game.maniaplanet.com O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\U46Pan.exe (EGO SYS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avast5] "d:\Programme\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [TaskTray] File not found O4 - HKCU..\Run: [$Volumouse$] D:\Programme\Volumouse\volumouse.exe (NirSoft) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk = D:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - 
res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27FE2757-CCED-4B80-AA77-0E901EE9FD16}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C00819CF-FBAB-46E0-98B9-C7DABE821002}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\David\AppData\Roaming\msconfig.dat) - C:\Users\David\AppData\Roaming\msconfig.dat (cipyOW) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{d07571c0-f6dc-11df-939e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d07571c0-f6dc-11df-939e-806e6f6e6963}\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\{d07571c1-f6dc-11df-939e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d07571c1-f6dc-11df-939e-806e6f6e6963}\Shell\AutoRun\command - "" = I:\CD_Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.08.09 20:28:18 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012.08.09 20:25:42 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.09 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2012.08.09 10:54:21 | 000,000,000 | ---D | C] -- 
C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com [2012.08.09 10:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.08.06 12:27:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.08.03 20:01:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\PMB Files [2012.08.03 20:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.08.01 14:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2012.07.30 11:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.07.17 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM [2012.07.16 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Vid-Saver [2012.07.16 13:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver [2012.07.16 11:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.16 11:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.11 13:53:45 | 000,094,063 | ---- | C] (cipyOW) -- C:\Users\David\AppData\Roaming\msconfig.dat ========== Files - Modified Within 30 Days ========== [2012.08.09 15:55:17 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.09 15:55:17 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.09 15:47:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.09 15:47:32 | 2608,734,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.09 15:46:33 | 000,000,168 | ---- | M] () -- C:\Users\David\defogger_reenable [2012.08.09 15:35:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.09 15:30:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2646788317-2611993891-4077248255-1001UA.job 
[2012.08.09 13:01:15 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2012.08.09 12:55:05 | 000,000,045 | ---- | M] () -- C:\Users\David\AppData\Roaming\msconfig.ini [2012.08.08 19:36:46 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2646788317-2611993891-4077248255-1001Core.job [2012.08.03 12:36:27 | 000,000,391 | ---- | M] () -- C:\Users\David\AppData\Roaming\burnaware.ini [2012.08.02 17:37:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.02 17:37:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.02 17:37:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.02 17:37:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.02 17:37:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.18 15:13:02 | 000,007,643 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg [2012.07.17 08:37:37 | 000,428,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.16 13:06:55 | 000,000,658 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk ========== Files Created - No Company Name ========== [2012.08.09 15:46:33 | 000,000,168 | ---- | C] () -- C:\Users\David\defogger_reenable [2012.08.09 12:54:08 | 000,000,045 | ---- | C] () -- C:\Users\David\AppData\Roaming\msconfig.ini [2012.08.06 12:22:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000008.@ [2012.08.06 12:22:29 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\L\00000004.@ [2012.08.06 12:22:27 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000032.@ [2012.08.06 12:22:27 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000064.@ [2012.08.06 12:22:26 | 000,016,896 | ---- 
| C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000000.@ [2012.08.06 12:22:26 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000004.@ [2012.08.06 12:22:26 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\000000cb.@ [2012.07.16 13:06:55 | 000,000,658 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012.05.31 18:26:59 | 000,002,664 | ---- | C] () -- C:\Users\David\.recently-used.xbel [2012.03.26 17:05:14 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2012.03.16 13:49:05 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe [2012.03.16 12:42:22 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe [2012.02.12 11:25:07 | 000,324,608 | ---- | C] () -- C:\Windows\SysWow64\libsndfile.dll [2012.01.12 11:30:34 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\FxGoWinFu.dll [2012.01.11 13:53:45 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\@ [2012.01.11 13:53:45 | 000,002,048 | -HS- | C] () -- C:\Users\David\AppData\Local\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\@ [2011.09.22 12:26:59 | 000,000,016 | ---- | C] () -- C:\Users\David\AppData\Roaming\msregsvv.dll [2011.09.22 12:26:59 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc [2011.07.12 00:23:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.05.24 23:42:22 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.24 18:16:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.24 18:16:23 | 000,000,307 | ---- | C] () -- C:\Windows\game.ini [2011.05.20 21:35:08 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.04.01 14:04:03 | 000,113,248 | ---- | C] () -- C:\Windows\SysWow64\U46asio32.dll [2011.02.03 12:38:50 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.16 19:48:40 | 000,143,360 | ---- | 
C] () -- C:\Windows\SysWow64\VmixP6.dll [2011.01.16 19:48:40 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2011.01.16 19:47:58 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2011.01.16 19:47:58 | 000,000,484 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2011.01.16 19:47:57 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini [2011.01.13 14:01:57 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll [2010.12.09 19:19:03 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.12.09 15:18:02 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll [2010.12.09 15:18:02 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.12.01 11:14:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2010.12.01 11:14:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2010.11.29 16:32:20 | 000,000,274 | ---- | C] () -- C:\Windows\vtmb.ini [2010.11.22 23:57:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.22 14:58:17 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys [2010.11.22 14:57:07 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg [2010.11.22 14:57:05 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe [2010.11.22 14:12:02 | 000,000,391 | ---- | C] () -- C:\Users\David\AppData\Roaming\burnaware.ini [2010.11.22 04:08:49 | 000,007,643 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2008.12.11 12:27:24 | 003,544,721 | ---- | C] () -- C:\Users\David\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist [2008.12.11 11:53:20 | 000,003,012 | ---- | C] () -- C:\Users\David\AppData\Roaming\com.kennettnet.MusicRescue4.plist ========== LOP Check ========== [2012.07.02 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.minecraft [2012.02.23 21:58:21 | 000,000,000 | ---D | M] -- 
C:\Users\David\AppData\Roaming\Ableton [2011.04.13 19:34:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Applied Acoustics Systems [2011.01.09 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Atari [2012.03.02 10:16:12 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity [2012.03.02 09:52:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Celemony Software GmbH [2010.12.12 11:25:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Daichi [2011.06.19 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Deckadance16 [2012.07.02 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox [2011.05.20 21:23:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.16 12:22:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FabFilter [2011.09.20 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GForce [2012.05.31 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\gtk-2.0 [2011.11.10 19:13:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HLSW [2011.02.02 23:32:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICQ [2011.09.22 12:28:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IK Multimedia [2011.09.17 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Image-Line [2010.12.13 19:38:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\KORG [2011.09.19 16:03:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Lexicon PCM Native [2011.05.29 13:13:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Lionhead Studios [2011.04.30 10:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient [2012.05.24 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LolClient2 [2012.08.09 15:46:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MediaMonkey [2012.08.01 
11:51:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MiniLyrics [2012.08.01 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mp3tag [2012.03.23 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\nicotine [2011.03.31 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Notepad++ [2011.05.05 15:36:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Opera [2011.12.03 14:28:56 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Razer [2011.10.15 14:31:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\REAPER [2012.01.28 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Renoise [2012.02.23 21:58:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Renoise ReWire Engine [2011.11.25 17:45:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Songbird2 [2012.03.03 23:08:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SongManager [2012.06.25 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SPlayer [2012.08.09 12:45:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Spotify [2011.07.08 12:33:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Stardock [2010.11.22 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Steinberg [2010.11.27 01:23:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SynthMaker [2011.11.03 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab [2011.07.21 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TeamViewer [2011.06.29 19:06:27 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Thunderbird [2011.05.06 08:05:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Ubisoft [2012.08.01 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent [2011.09.20 11:45:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Waldorf 
[2010.12.10 23:30:18 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Waves [2010.11.22 19:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Waves Audio [2010.12.13 19:40:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Waves Preferences [2010.11.25 23:50:35 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\XnView [2012.04.21 12:27:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.03.19 21:45:40 | 000,000,710 | ---- | M] ()(C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Daum ?????.lnk) -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Daum 팟플레이어.lnk [2012.03.19 21:45:40 | 000,000,710 | ---- | C] ()(C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Daum ?????.lnk) -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Daum 팟플레이어.lnk < End of report > Code:
OTL Extras logfile created on: 09.08.2012 11:19:44 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\*****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 67,40% Memory free
6,17 Gb Paging File | 5,14 Gb Available in Paging File | 83,33% Paging File free
Paging file location(s): e:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 4,64 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
Drive D: | 1338,66 Gb Total Space | 14,53 Gb Free Space | 1,09% Space Free | Partition Type: NTFS
Drive E: | 454,38 Gb Total Space | 24,57 Gb Free Space | 5,41% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 34,86 Gb Free Space | 7,48% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .ini[@ = Notepad++_file] -- D:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .txt[@ = Notepad++_file] -- D:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .ini [@ = Notepad++_file] -- D:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) .txt [@ = Notepad++_file] -- D:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5 "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{20C9EDE0-8009-434b-9A52-12337A8C9625}" = Native Instruments Maschine Mikro "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5 "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4 "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive 
"{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0 "{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{cd3a2409-1a62-4785-afe3-44ada813c9df}" = Native Instruments The Finger "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.6.0 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}" = Wing Commander Saga 1.0.2.7795 "{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native 
Instruments Maschine "CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00 "CCleaner" = CCleaner "C-Media PCI Audio Driver" = Theatron DD "DaumCleaner" = Daum Ŭ¸®³Ê "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "VLC media player" = VLC media player 2.0.2 "z3ta+_x64_is1" = rgc:audio z3ta+ 1.5 (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E14356A-12FC-4616-B17D-15B7C80E0D7B}" = Nepheton 1.4.5 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0F9F096B-9EF0-43A2-91C8-4613835312F7}" = Z-defragRAM "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2 "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine "{15FA5ED6-2F98-4B5E-AF0B-18E5F4723FAD}_is1" = Cities In Motion "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1E958728-CFA3-454A-A2D6-42A9FF718480}" = Intel(R) C++ Redistributables for Windows* on IA-32 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = 
Media Player Classic - Home Cinema v1.5.1.2903 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second "{294B9A61-B4D6-4EDB-91BF-354619C43FE2}" = PCM Native Reverb Bundle "{2A2820DB-CB78-4C24-9F48-49E67B0337E1}" = Phoscyon 1.8.0 "{2A6B7A8F-283D-474D-9C31-376B1A816FD3}" = Fazortan 1.2.0 "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue "{34D52D01-C65D-4A29-99E0-E02030597B4F}_is1" = Cities In Motion - Patch 1.0.13 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III "{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5F503B34-022D-4C56-9D40-53D2916CE3C9}" = Music Rescue "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3 "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth "{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1" = TrackMania 2 - Canyon "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F55748C-CCDB-4942-99F8-C221D7BD5C26}" = Nithonat "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{833F99E1-D2A5-49EA-A71D-1D5924110708}_is1" = BC Manager 2.3.2 "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9827F889-0368-49EC-8F07-7C30ECE47CF0}" = Drumazon 1.4.4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9FDD5036-9E5F-49AC-9364-CA22848EA5B3}_is1" = ]1.0 "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 11 Professional "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1371574-4B13-4D3E-8F47-48C698732B00}" = Sonic & SEGA All-Stars Racing "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 "{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher "{BD9FA1D6-DFA7-4C89-8956-D96CCC7A296A}" = Utilitaire client sans fil TP-LINK "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E074C49C-68D5-4949-ABB8-C712652A3FF8}" = Redoptor 1.2.0 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den "112dB Morgana VSTi_is1" = 112dB Morgana VSTi v1.2.7.873 "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service "8 2011" = 8 2011 "8 Skin Pack" = 8 Skin Pack 11-X64 "Addictive Drums" = Addictive Drums "Addictive Drums Inno Setup_is1" = Addictive Drums 1.5.2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Analog Factory_is1" = Analog Factory 2.5 "AP Tuner 3.08" = AP Tuner 3.08 "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "bexplore 2011" = bexplore 2011 "BurnAware Free_is1" = BurnAware Free 5.0.1 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "Cheat Engine 5.6_is1" = Cheat Engine 5.6 "ClassicPro" = ClassicPro© v1.99.007 "CUBE 2" = CUBE 2 "Deckadance" = Deckadance "Deus Ex Human Revolution Deutscher Untertitel Patch für die Englische Version 1.00" = Deus Ex Human Revolution Deutscher Untertitel Patch für die Englische Version 1.00 "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Drumaxx" = Drumaxx "EarMaster School 5_is1" = EarMaster School 5 "Easy Video Joiner_is1" = Easy Video Joiner 5.21 "eLicenser Control" = eLicenser Control "EncSpot Basic_is1" = EncSpot Basic 2.0 "ESI- U46 Audio Driver Setup" = ESI- U46 Audio Driver "FabFilter Timeless VST RTAS_is1" = FabFilter Timeless VST RTAS v2.00 "FabFilter Volcano VST RTAS_is1" = FabFilter Volcano VST RTAS v2.02 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Fixed Noise OTTO" = Fixed Noise 
OTTO "FL Studio 10" = FL Studio 10 "FL Studio 10.6" = FL Studio 10.6 "FL Studio 9" = FL Studio 9 "FL Studio 9.5" = FL Studio 9.5 "FL Studio 9.8" = FL Studio 9.8 "FLAC" = FLAC 1.2.1b (remove only) "foobar2000" = foobar2000 v1.1.13 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "FreeMat" = FreeMat "GamersFirst LIVE!" = GamersFirst LIVE! "GForce impOSCar v1.10 VSTi RTAS" = GForce impOSCar v1.10 VSTi RTAS "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Groove Machine" = Groove Machine "Guitar Explorer 1.0" = Guitar Explorer 1.0 "Guitarist Library_is1" = Sugar Bytes Guitarist Library 1.0 "Hardcore" = Hardcore "HLSW_is1" = HLSW v1.4.0.2 "hon" = Heroes of Newerth "IL Download Manager" = IL Download Manager "IL Shared Libraries" = IL Shared Libraries "Impulse" = Impulse "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "JDownloader" = JDownloader "Live 8.2.1" = Live 8.2.1 "Live 8.2.5" = Live 8.2.5 "LogMeIn Hamachi" = LogMeIn Hamachi "LOLReplay" = LOLReplay "Lounge Lizard EP-3" = Applied Acoustics Systems - Lounge Lizard EP-3 v3.1 "Mass Effect 3 v1.1.5427.4_is1" = Mass Effect 3 v1.1.5427.4 "MathMap-1.3.5_is1" = MathMap-1.3.5 "MediaMonkey Script: MiniLyrics Embedder v1.4b_is1" = MediaMonkey Script: MiniLyrics Embedder v1.4b "MediaMonkey_is1" = MediaMonkey 4.0 "Minecraft Cracked" = Minecraft Cracked "MiniLyrics" = Minilyrics "Minimonsta" = GForce - Minimonsta "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0 "Moog Modular V_is1" = Moog Modular V v2.2 "Mozilla Firefox 4.0b11 (x86 de)" = Mozilla Firefox 4.0b11 (x86 de) "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0) 
"Mp3tag" = Mp3tag v2.50 "MuvUnder Cover" = MuvUnder Cover: The Album Art Sleuth "MyPeople" = Daum ¸¶ÀÌÇÇÇà "Native Instruments Absynth 5" = Native Instruments Absynth 5 "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments FM8" = Native Instruments FM8 "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5 "Native Instruments Hardware Controller Support" = Native Instruments Hardware Controller Support "Native Instruments Kontakt 4" = Native Instruments Kontakt 4 "Native Instruments Maschine" = Native Instruments Maschine "Native Instruments Maschine Controller" = Native Instruments Maschine Controller "Native Instruments Maschine Driver" = Native Instruments Maschine Driver "Native Instruments Maschine Mikro" = Native Instruments Maschine Mikro "Native Instruments Massive" = Native Instruments Massive "Native Instruments Reaktor Spark" = Native Instruments Reaktor Spark "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments The Finger" = Native Instruments The Finger "Native Instruments Traktor" = Native Instruments Traktor "Native Instruments Traktor 2" = Native Instruments Traktor 2 "Nicotine+" = Nicotine+ (1.2.16) "Notepad++" = Notepad++ "NSchach3a_is1" = N Schach 3 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PCM Native Reverb Bundle" = PCM Native Reverb Bundle "Pianoteq23" = Pianoteq v2.3.0 "PoiZone" = PoiZone "Postal 2_is1" = Portal 2 "PotPlayer" = Daum PotPlayer 1.5.32007 "Predator_is1" = Rob Papen Predator V1.5.8 32 Bits Multi-Core "PunkBusterSvc" = PunkBuster Services "REAPER" = REAPER "reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9 "reFX Nexus 1.4.1_is1" = reFX Nexus 1.4.1 "reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0 "reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0 "Renoise 2.5.1_is1" = Renoise 2.5.1 "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "Rob Papen Albino 3" = Rob Papen Albino 3 "Rob Papen BLUE Version 1.7.0_is1" 
= Rob Papen BLUE Version 1.7.0 "RocketDock_is1" = RocketDock 1.3.5 "Sakura" = Sakura "Sawer" = Sawer "ShiftWindow_is1" = ShiftWindow 1.02 "Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity "Softube FET Compressor VST RTAS_is1" = Softube FET Compressor VST RTAS v1.0.3 "Songbird-release-2160" = Songbird 1.10.1 (Build 2160) "SopCast" = SopCast 3.5.0 "Soulseek2" = SoulSeek 157 NS 13e "SpeedFan" = SpeedFan (remove only) "SPlayer" = SPlayer "StarCraft II" = StarCraft II "Steam App 400" = Portal "Steam App 42320" = Sixense MIDI Controller "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "Steam App 99900" = Spiral Knights "Sylenth1_is1" = Sylenth1 v2.20 "Tansee iPod Transfer_is1" = Tansee iPod Transfer v3.8 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "The KMPlayer" = The KMPlayer (remove only) "TightVNC" = TightVNC 2.0.2 "TmNationsForever_is1" = TmNationsForever "Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2 "Tone2 Warmverb multi-FX full_is1" = Tone2 Warmverb multi-FX full "Totalcmd" = Total Commander (Remove or Repair) "Toxic Biohazard" = Toxic Biohazard "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.18 "Vember Audio SURGE" = Vember Audio SURGE "Vid-Saver" = Vid-Saver "Waldorf Largo" = Waldorf Largo "WaveLabPro" = WaveLab 6 "Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01 "Winamp" = Winamp "Winamp Essentials Pack" = Winamp Essentials Pack "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR "XILS-lab Synthix_is1" = XILS-lab Synthix v1.0.1 "XILS-lab XILS-3_is1" = XILS-lab XILS-3 VSTi RTAS v1.3.0 "XnView_is1" = XnView 1.97.8 "Z3TA+ 2_is1" = Z3TA+ 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CD Bremse_is1" = CD Bremse 1.49 "Dropbox" = Dropbox "Google Chrome" = Google Chrome 
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "Mozilla Firefox 4.0b12 (x86 de)" = Mozilla Firefox 4.0b12 (x86 de) "Octopus" = Octopus "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.07.2012 10:25:45 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554 ID des fehlerhaften Prozesses: 0xfdc Startzeit der fehlerhaften Anwendung: 0x01cd6e5f34d3e036 Pfad der fehlerhaften Anwendung: D:\Spiele\LOLPBE\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: D:\Spiele\LOLPBE\RADS\system\rads_user_kernel.exe Berichtskennung: 72967412-da52-11e1-86a2-0022686f5296 Error - 30.07.2012 15:46:57 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554 ID des fehlerhaften Prozesses: 0x249c Startzeit der fehlerhaften Anwendung: 0x01cd6e8c11ceeba7 Pfad der fehlerhaften Anwendung: D:\Spiele\LOLPBE\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: D:\Spiele\LOLPBE\RADS\system\rads_user_kernel.exe Berichtskennung: 51a80b46-da7f-11e1-86a2-0022686f5296 Error - 02.08.2012 01:14:31 | Computer Name = *****-PC | Source = PandoraService.exe | ID = 0 Description = Error - 03.08.2012 13:36:38 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FL.exe, Version: 0.0.0.0, Zeitstempel: 0x4d3574e7 Name des fehlerhaften 
Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000006 Fehleroffset: 0x0002f50f ID des fehlerhaften Prozesses: 0xcd8 Startzeit der fehlerhaften Anwendung: 0x01cd7177356929cb Pfad der fehlerhaften Anwendung: D:\Musikprogramme\FL Studio 10.6 beta\FL.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c6b862fd-dd91-11e1-9374-0022686f5296 Error - 03.08.2012 13:36:38 | Computer Name = *****-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm FL Studio engine launcher wurde wegen dieses Fehlers geschlossen. Programm: FL Studio engine launcher Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. 
Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C000026E Datenträgertyp: 0 Error - 03.08.2012 13:53:06 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0x40000015 Fehleroffset: 0x000046b4 ID des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung: 0x01cd719fbcc8a102 Pfad der fehlerhaften Anwendung: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: 13a4431b-dd94-11e1-a693-0022686f5296 Error - 03.08.2012 14:00:16 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0x40000015 Fehleroffset: 0x000046b4 ID des fehlerhaften Prozesses: 0x208 Startzeit der fehlerhaften Anwendung: 0x01cd71a0e62bd84f Pfad der fehlerhaften Anwendung: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: 13cd7030-dd95-11e1-a693-0022686f5296 Error - 03.08.2012 15:27:00 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: 
rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554 ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01cd71adf16c161f Pfad der fehlerhaften Anwendung: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Berichtskennung: 32030a46-dda1-11e1-a693-0022686f5296 Error - 03.08.2012 15:27:05 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554 ID des fehlerhaften Prozesses: 0x1320 Startzeit der fehlerhaften Anwendung: 0x01cd71adf776ce45 Pfad der fehlerhaften Anwendung: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Berichtskennung: 3531e7f4-dda1-11e1-a693-0022686f5296 Error - 03.08.2012 15:27:11 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554 ID des fehlerhaften Prozesses: 0x1154 Startzeit der fehlerhaften Anwendung: 0x01cd71adfa988c62 Pfad der fehlerhaften Anwendung: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: D:\Spiele\LoL\League of Legends\RADS\system\rads_user_kernel.exe Berichtskennung: 3855a1e9-dda1-11e1-a693-0022686f5296 Error - 03.08.2012 15:27:17 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 
rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8554 ID des fehlerhaften Prozesses: 0x494 Startzeit der fehlerhaften Anwendung: 0x01cd71adfe293a8f Pfad der fehlerhaften Anwendung: D:\Spiele\LOL\League of Legends\RADS\system\rads_user_kernel.exe Pfad des fehlerhaften Moduls: D:\Spiele\LOL\League of Legends\RADS\system\rads_user_kernel.exe Berichtskennung: 3be51791-dda1-11e1-a693-0022686f5296 [ Media Center Events ] Error - 03.01.2011 16:51:11 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 03.01.2011 16:51:11 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 30.01.2011 14:36:00 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 19:35:44 - EpgListings konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 12.03.2011 04:27:15 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Error - 12.03.2011 04:28:29 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Error - 04.07.2011 06:04:56 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 04.07.2011 06:04:56 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 03.11.2011 01:39:23 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. 
(0xc0040524) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 03.12.2011 06:51:58 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 03.12.2011 06:51:58 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) Error - 05.01.2012 14:56:33 | Computer Name = *****-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) WinTV Nova-T Stick DVB-T Tuner (Dev1 Path0) [ System Events ] Error - 08.08.2012 02:46:40 | Computer Name = *****-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 08.08.2012 02:46:41 | Computer Name = *****-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 08.08.2012 02:46:42 | Computer Name = *****-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.08.2012 05:14:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 09.08.2012 05:14:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 09.08.2012 05:14:47 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 09.08.2012 05:14:49 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 09.08.2012 05:15:46 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 09.08.2012 05:15:46 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 09.08.2012 05:17:27 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866287 Description = < End of report > |
09.08.2012, 16:53 | #2 |
/// Helper team | BKA Virus 09.08.2012
Fixing with OTL
Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - [2012.08.09 15:48:17 | 000,192,512 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.08.09 15:48:17 | 000,172,032 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\sfareca00001.dll
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3A40E547-20FD-44a2-94D0-1C98342D1507}: "URL" = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js - File not found
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
O4 - HKLM..\Run: [avast5] "d:\Programme\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [TaskTray] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\David\AppData\Roaming\msconfig.dat) - C:\Users\David\AppData\Roaming\msconfig.dat (cipyOW)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d07571c0-f6dc-11df-939e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d07571c0-f6dc-11df-939e-806e6f6e6963}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{d07571c1-f6dc-11df-939e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d07571c1-f6dc-11df-939e-806e6f6e6963}\Shell\AutoRun\command - "" = I:\CD_Start.exe File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.01.11 13:53:45 | 000,094,063 | ---- | C] (cipyOW) -- C:\Users\David\AppData\Roaming\msconfig.dat
[2012.01.11 13:53:45 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\@
[2012.01.11 13:53:45 | 000,002,048 | -HS- | C] () -- C:\Users\David\AppData\Local\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\@
[2012.08.09 15:35:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 15:30:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2646788317-2611993891-4077248255-1001UA.job
[2012.08.08 19:36:46 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2646788317-2611993891-4077248255-1001Core.job
[2012.08.06 12:22:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000008.@
[2012.08.06 12:22:29 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\L\00000004.@
[2012.08.06 12:22:27 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000032.@
[2012.08.06 12:22:27 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000064.@
[2012.08.06 12:22:26 | 000,016,896
| ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000000.@ [2012.08.06 12:22:26 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000004.@ [2012.08.06 12:22:26 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\000000cb.@ :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; doing so can permanently damage other systems!
09.08.2012, 17:30 | #3 |
| BKA Virus 09.08.2012 Thanks, it seems to have worked.
The logs: Code:
ATTFilter ========== OTL ========== Registry key HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found. File C:\Users\Babsi\AppData\Local\Temp\mtokusimispg.exe not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: David ->Temp folder emptied: 144733325 bytes ->Temporary Internet Files folder emptied: 29935573 bytes ->Java cache emptied: 3038017 bytes ->FireFox cache emptied: 184812209 bytes ->Google Chrome cache emptied: 27977293 bytes ->Flash cache emptied: 3109482 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: UpdatusUser.David-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes Total Flash Files Cleaned = 376.00 mb [EMPTYTEMP] User: All Users User: David ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: UpdatusUser.David-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 53550690 bytes 
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes Total Files Cleaned = 52.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 08092012_142542 Code:
ATTFilter All processes killed ========== OTL ========== Releasing module C:\Users\David\AppData\Local\Temp\sfamcc00001.dll C:\Users\David\AppData\Local\Temp\sfamcc00001.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A40E547-20FD-44a2-94D0-1C98342D1507}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A40E547-20FD-44a2-94D0-1C98342D1507}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\David\AppData\Roaming\msconfig.dat deleted successfully. C:\Users\David\AppData\Roaming\msconfig.dat moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. H:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d07571c0-f6dc-11df-939e-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d07571c0-f6dc-11df-939e-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d07571c0-f6dc-11df-939e-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d07571c0-f6dc-11df-939e-806e6f6e6963}\ not found. File K:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d07571c1-f6dc-11df-939e-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d07571c1-f6dc-11df-939e-806e6f6e6963}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d07571c1-f6dc-11df-939e-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d07571c1-f6dc-11df-939e-806e6f6e6963}\ not found. File I:\CD_Start.exe not found. File C:\Users\David\AppData\Roaming\msconfig.dat not found. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\@ moved successfully. C:\Users\David\AppData\Local\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\@ moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646788317-2611993891-4077248255-1001UA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646788317-2611993891-4077248255-1001Core.job moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000008.@ moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\L\00000004.@ moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000032.@ moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000064.@ moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000000.@ moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000004.@ moved successfully. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\000000cb.@ moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\David\Desktop\cmd.bat deleted successfully. C:\Users\David\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: David ->Temp folder emptied: 250164 bytes ->Temporary Internet Files folder emptied: 4475896 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 330121374 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3483 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: UpdatusUser.David-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 2591437391 bytes Total Files Cleaned = 2.791,00 mb [EMPTYFLASH] User: All Users User: David ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser User: UpdatusUser.David-PC ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.56.0 log created on 08092012_192142 Files\Folders moved on Reboot... File move failed. H:\AUTORUN.INF scheduled to be moved on reboot. C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... 
[2006.03.24 13:06:41 | 000,000,053 | R--- | M] () H:\AUTORUN.INF : MD5=F238E17075487D219CB5EC9298E8A14E File C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
10.08.2012, 13:23 | #4 |
/// Helper Team | BKA Virus 09.08.2012 Very good! How is the computer running?
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
After that:
Step 2: Please download AdwCleaner to your desktop.
10.08.2012, 19:42 | #5 |
| BKA Virus 09.08.2012 Hey, in my opinion the computer is running normally. Here is the Adw log: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/10/2012 at 21:40:58 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : David - DAVID-PC # Running from : C:\Users\David\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\InstallMate ***** [Registry] ***** Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Wise Solutions Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] [x64] Key Found : HKCU\Software\Cr_Installer [x64] Key Found : HKCU\Software\InstalledBrowserExtensions [x64] Key Found : HKCU\Software\Softonic [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v5.0 (de) Profile name : default File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rc9wq55f.default\prefs.js Found : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true); Found : user_pref("extensions.crossriderapp3491@crossrider.com.install-event-fired", true); Found : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{b9db16a4-6edc-47ec-a1f4-b86[...] 
-\\ Google Chrome v21.0.1180.75 File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "name": "Show Ratings in Youtube Search Results", Found : "name": "Winamp Application Detector", Found : "name": "Winamp Application Detector" ************************* AdwCleaner[R1].txt - [2056 octets] - [10/08/2012 21:40:58] ########## EOF - C:\AdwCleaner[R1].txt - [2184 octets] ########## |
10.08.2012, 19:45 | #6 |
/// Helper Team | BKA Virus 09.08.2012 Malwarebytes log? (the "Logdateien" tab, i.e. log files)
10.08.2012, 20:09 | #7 |
| BKA Virus 09.08.2012 Here are the Malwarebytes logs (I aborted partway through, but scanned every drive completely) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 David :: DAVID-PC [Administrator] 10.08.2012 17:28:35 mbam-log-2012-08-10 (17-28-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 688835 Laufzeit: 3 Stunde(n), 12 Minute(n), 29 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1508 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 8 HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 17 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart. C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\David\AppData\Local\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08092012_192142\C_Users\David\AppData\Roaming\msconfig.dat (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08092012_192142\C_Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08092012_192142\C_Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08092012_192142\C_Windows\Installer\{43c5ffe2-9163-423e-aec5-ebe63a4aeed7}\U\80000032.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\images\Call_of_Duty_4_Modern_Warfare_1.7_Online\Call of Duty 4 - Modern Warfare\KeyGen\KeyGen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\Phoenix\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> Löschen bei Neustart. D:\Programme\Phoenix\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\Phoenix\Phx_data\Res\RICO.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\Phoenix\Phx_data\Res\ss.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
D:\Programme\uTorrent\downloads\Cockos.REAPER.v4.10.Incl.Keyfilemaker.And.Patch-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Programme\uTorrent\downloads\Cockos.REAPER.v4.10.Incl.Keyfilemaker.And.Patch-CORE\keygen.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Spiele\Fable III\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 David :: DAVID-PC [Administrator] 10.08.2012 20:47:39 mbam-log-2012-08-10 (20-47-39).txt Art des Suchlaufs: Vollständiger Suchlauf (E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 295840 Laufzeit: 14 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1508 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 6 HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Daten: Vid-Saver -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 David :: DAVID-PC [Administrator] 10.08.2012 21:04:09 mbam-log-2012-08-10 (21-04-09).txt Art des Suchlaufs: Vollständiger Suchlauf (F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 262394 Laufzeit: 13 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1508 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 23 F:\backups\Programme\Microsoft.Office.Professional.Plus.2010.x86.German.VL.Edition-TIw\mini-KMS_Activator_v1.053_Office.2010.VL.ENG\mini-KMS_Activator_v1.053_ENG.exe (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt. C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart. F:\backups\Programme\Microsoft.Office.Professional.Plus.2010.x86.German.VL.Edition-TIw\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\backups\Programme\Microsoft.Office.Professional.Plus.2010.x86.German.VL.Edition-TIw\Raz0r\O1.6.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\found.000\dir0001.chk\RP286\A0137624.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\found.000\dir0001.chk\RP286\A0137661.EXE (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
F:\found.000\dir0001.chk\RP303\A0150578.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\found.000\dir0001.chk\RP303\A0150580.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\found.000\dir0001.chk\RP304\A0152326.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\found.000\dir0001.chk\RP307\A0159891.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\found.000\dir0001.chk\RP307\A0159979.exe (Trojan.Agent.ck) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
10.08.2012, 20:15 | #8 |
/// Helper Team | BKA Virus 09.08.2012
After that: Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" (Update now) to download the current signatures.
Select the freeware mode.
Select "Detail Scan" and start the check of the computer with the "Scan" button.
Do not let it delete anything at the end of the scan!
Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
09.09.2012, 02:35 | #9 |
/// Helper Team | BKA Virus 09.08.2012 Missing feedback
Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean. |