| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.08.2012, 10:53
| #1 |
| |  Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werden Während dem surfen erschien die Meldung: "Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt." Oben rechts ist das Logo der Schweizerischen Eidgenossenschaft platziert und man wird aufgefordert 100 Euro via ukash zu bezahlen (wie beim Thema: Ihr Computer wurde gesperrt - schweizer Eidgenossenschaft, im Forum ). Das gleiche erscheint auch, wenn ich den Computer wieder hochfahre, noch bevor ich in die Desktop-Ansicht gelange. Ich habe mich schon ein wenig umgeschaut und bin auf vergleichbare Probleme anderer User gestossten. Als ich aber gelesen habe das der Problemlösevorgang individuell sei, habe ich mich entschlossen, hier selbst nach Hilfe zu fragen. Ich möchte mich schon im Voraus für die Hilfe und investierte Zeit bedanken |
|
12.08.2012, 21:39
| #2 |
| /// Helfer-Team  | Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werden 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
13.08.2012, 19:02
| #3 |
| | Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werden OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 13.08.2012 19:57:59 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Alain\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 8.00 Gb Total Physical Memory | 7.02 Gb Available Physical Memory | 87.74% Memory free 15.99 Gb Paging File | 15.07 Gb Available in Paging File | 94.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.79 Gb Total Space | 13.46 Gb Free Space | 12.04% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 931.41 Gb Total Space | 80.20 Gb Free Space | 8.61% Space Free | Partition Type: NTFS Drive F: | 883.25 Mb Total Space | 859.14 Mb Free Space | 97.27% Space Free | Partition Type: FAT Computer Name: ALAIN-PC | User Name: Alain | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alain\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (L4301_Solar) -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe (Logitech, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (BRA_Scheduler) -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe () SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation) DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation) DRV:64bit: - (qcusbser) -- C:\Windows\SysNative\drivers\qcusbser.sys (QUALCOMM Incorporated) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (s117unic) -- C:\Windows\SysNative\drivers\s117unic.sys (MCCI Corporation) DRV:64bit: - (s117obex) -- C:\Windows\SysNative\drivers\s117obex.sys (MCCI Corporation) DRV:64bit: - (s117nd5) -- C:\Windows\SysNative\drivers\s117nd5.sys (MCCI Corporation) DRV:64bit: - (s117mdm) -- C:\Windows\SysNative\drivers\s117mdm.sys (MCCI Corporation) DRV:64bit: - (s117mgmt) -- C:\Windows\SysNative\drivers\s117mgmt.sys (MCCI Corporation) DRV:64bit: - (s117mdfl) -- C:\Windows\SysNative\drivers\s117mdfl.sys (MCCI Corporation) DRV:64bit: - (s117bus) -- C:\Windows\SysNative\drivers\s117bus.sys (MCCI Corporation) DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (FLASHSYS) -- C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{A7681078-1318-4B8E-9676-7D99903F8748}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.igoogle.ch/ IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 52 AC 38 4B F1 CB 01 [binary data] IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{54445FEC-3AB3-4aee-A5A9-2D88292E5520}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{5898496E-7EF5-42ae-9DB4-538A1A69ADBE}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{7E2BDD9E-3D41-4ce9-888C-A5A2BB980CD1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{A7681078-1318-4B8E-9676-7D99903F8748}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alain\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alain\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.27 22:38:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 23:13:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.24 23:17:17 | 000,000,204 | ---- | M] () [2011.04.02 17:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Extensions [2012.07.26 22:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\3autnh3f.default\extensions [2011.11.25 21:59:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\3autnh3f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.24 16:22:15 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\3autnh3f.default\extensions\2.0@disconnect.me [2012.05.23 17:56:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Alain\AppData\Roaming\mozilla\Firefox\Profiles\3autnh3f.default\extensions\ich@maltegoetz.de [2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\3autnh3f.default\searchplugins\startsear.xml [2012.06.07 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.21 23:13:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.08 00:30:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.08 00:30:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.08 00:30:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.08 00:30:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.08 00:30:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.08 00:30:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.ch/ CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.ch/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Alain\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alain\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alain\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Alain\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AT_OP = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\ CHR - Extension: AdBlock = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: vshare plugin = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Alain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ASUS Sync Loader] C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe (Futuredial Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D037878-68C5-47DE-B553-8D8F0DFD5AFF}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF69489A-D560-4A41-BFE2-4F7F658BF197}: DhcpNameServer = 10.0.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll () O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c3e5fb77-fa20-11de-a50d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c3e5fb77-fa20-11de-a50d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.13 19:56:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Alain\Desktop\OTL.exe [2012.08.13 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Roaming\Malwarebytes [2012.08.13 19:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.13 19:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.13 19:31:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.13 19:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.11 22:31:59 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{8F49C32B-9040-41C6-AB28-58C429365AB9} [2012.08.11 22:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\cdktkseqlmbywxc [2012.08.08 17:26:07 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{24C04313-ACFB-4F7F-ACF3-4327673BD8AE} [2012.08.08 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{EA31F2DA-8148-49EF-BC43-26AE81F7DA97} [2012.08.07 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{AF6F718B-912B-4D66-AD1F-3B06BA85BF36} [2012.08.07 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{10F54BE2-C12B-410A-B4C6-368EEF6289EF} [2012.08.05 20:16:13 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{F84BBC0A-E46A-4D9C-971E-DCE99C41F3C1} [2012.08.05 20:16:02 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{D61B0BA2-1875-41D3-BCA8-AD963C25121F} [2012.08.04 08:52:13 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{AB99FBD8-8F33-4D8F-9FF6-522A0BB4EB76} [2012.08.04 08:52:02 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{EC66745F-4506-4BB9-925E-998FA1AA63EC} [2012.08.03 20:51:37 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{4F7D2C2C-40BD-44D1-9F01-05941044579A} [2012.08.03 20:51:27 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{605B7B56-CEF3-4871-98E4-6306815925DE} [2012.08.03 13:46:19 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{C0C0187C-1CE1-451C-A9DF-21198B40F02F} [2012.08.02 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{FE8353FB-9885-463C-9FAB-22D36CB0C369} [2012.07.31 17:49:15 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{CC320DBA-CA85-4107-9D4A-2DF4902DCDB0} [2012.07.31 17:49:04 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{4EECE0EB-EAD4-489A-B1BF-84BF4B3C0DDE} [2012.07.28 19:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{17EFD320-777F-4A1C-BC51-917B623240FA} [2012.07.28 19:25:07 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{BF079082-5F57-4FCF-B9BC-58DE71E55EED} [2012.07.21 16:10:03 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{12CB036A-122C-4851-B65B-CFA01B094015} [2012.07.21 16:09:52 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{4FFECE13-C08D-4F5B-BCE8-2A05A7CD7C99} [2012.07.19 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{D5AB2041-F309-474F-977E-0363B48215AA} [2012.07.19 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Alain\AppData\Local\{9C837F18-E2FA-48A4-BBCA-9F2BFA946055} [2 C:\Users\Alain\*.tmp files -> C:\Users\Alain\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.13 19:56:15 | 001,642,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.13 19:56:15 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.13 19:56:15 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.13 19:56:15 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.13 19:56:15 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.13 19:55:35 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alain\OTL.exe [2012.08.13 19:55:35 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alain\Desktop\OTL.exe [2012.08.13 19:51:44 | 2144,755,711 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 19:51:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.13 19:31:15 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 22:36:00 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000007-00001102-00000005-60071102}.rfx [2012.08.11 22:36:00 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000007-00001102-00000005-60071102}.rfx [2012.08.11 22:36:00 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000007-00001102-00000005-60071102}.rfx [2012.08.11 22:35:59 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.11 22:35:59 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.11 22:33:46 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.08.11 22:25:02 | 000,000,051 | ---- | M] () -- C:\ProgramData\xxeofpmddfszjcs [2012.08.11 21:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.11 21:50:20 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3833450142-516823475-3499998858-1001UA.job [2012.08.11 21:50:19 | 000,002,449 | ---- | M] () -- C:\Users\Alain\Desktop\Google Chrome.lnk [2012.08.07 18:53:09 | 000,000,645 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.08.07 18:53:09 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2012.08.05 20:25:38 | 000,000,852 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.08.05 13:49:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3833450142-516823475-3499998858-1001Core.job [2012.08.03 16:51:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 16:51:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.28 18:03:02 | 000,000,398 | ---- | M] () -- C:\Users\Alain\Desktop\osiria rosen - Google-Suche.URL [2012.07.22 20:16:22 | 000,000,067 | ---- | M] () -- C:\Users\Alain\Desktop\SONY BDV-E490 (Preischart) - Toppreise.ch Preisvergleich Schweiz.URL [2012.07.22 20:16:19 | 000,000,067 | ---- | M] () -- C:\Users\Alain\Desktop\SONY BDV-E880 (Preischart) - Toppreise.ch Preisvergleich Schweiz.URL [2012.07.21 16:19:38 | 000,000,098 | ---- | M] () -- C:\Users\Alain\Desktop\Cinque CIROBERTO - Chino - blaugrau - Zalando.ch.URL [2012.07.21 16:14:46 | 000,000,107 | ---- | M] () -- C:\Users\Alain\Desktop\Dunderdon COMPACT TWILL - Chino - dark khaki - Zalando.ch.URL [2012.07.21 16:14:15 | 000,000,084 | ---- | M] () -- C:\Users\Alain\Desktop\Matix Hose - desert - Zalando.ch.URL [2012.07.15 00:46:40 | 000,000,126 | ---- | M] () -- C:\Users\Alain\Desktop\Hintergrund Auf welche (Berufs-)Männer Frauen stehen - News Leben Gesellschaft - tagesanzeiger.ch.URL [2 C:\Users\Alain\*.tmp files -> C:\Users\Alain\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.13 19:31:15 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 22:24:57 | 000,000,051 | ---- | C] () -- C:\ProgramData\xxeofpmddfszjcs [2012.07.28 18:03:02 | 000,000,398 | ---- | C] () -- C:\Users\Alain\Desktop\osiria rosen - Google-Suche.URL [2012.07.22 20:16:22 | 000,000,067 | ---- | C] () -- C:\Users\Alain\Desktop\SONY BDV-E490 (Preischart) - Toppreise.ch Preisvergleich Schweiz.URL [2012.07.22 20:16:19 | 000,000,067 | ---- | C] () -- C:\Users\Alain\Desktop\SONY BDV-E880 (Preischart) - Toppreise.ch Preisvergleich Schweiz.URL [2012.07.21 16:19:38 | 000,000,098 | ---- | C] () -- C:\Users\Alain\Desktop\Cinque CIROBERTO - Chino - blaugrau - Zalando.ch.URL [2012.07.21 16:14:46 | 000,000,107 | ---- | C] () -- C:\Users\Alain\Desktop\Dunderdon COMPACT TWILL - Chino - dark khaki - Zalando.ch.URL [2012.07.21 16:14:15 | 000,000,084 | ---- | C] () -- C:\Users\Alain\Desktop\Matix Hose - desert - Zalando.ch.URL [2012.07.15 00:46:40 | 000,000,126 | ---- | C] () -- C:\Users\Alain\Desktop\Hintergrund Auf welche (Berufs-)Männer Frauen stehen - News Leben Gesellschaft - tagesanzeiger.ch.URL [2012.07.01 15:47:59 | 000,028,567 | ---- | C] () -- C:\Users\Alain\.recently-used.xbel [2012.05.08 16:30:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.05.08 16:30:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.05.04 16:41:29 | 000,000,852 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.05.04 16:41:29 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.05.04 16:41:08 | 000,000,645 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.05.04 16:41:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.05.04 16:40:54 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.05.04 16:35:27 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.02.03 21:46:07 | 000,000,680 | RHS- | C] () -- C:\Users\Alain\ntuser.pol [2011.09.05 09:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2011.03.29 18:00:09 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.11 15:48:01 | 000,010,752 | ---- | C] () -- C:\Users\Alain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.08 18:58:12 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2011.01.24 21:27:36 | 000,000,093 | ---- | C] () -- C:\Users\Alain\AppData\Local\fusioncache.dat [2011.01.24 21:25:14 | 001,619,170 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.01.13 00:13:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.01.13 00:13:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.01.13 00:13:48 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2011.01.12 23:14:27 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.01.12 22:56:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.12 22:46:00 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.01.12 22:26:01 | 000,007,605 | ---- | C] () -- C:\Users\Alain\AppData\Local\resmon.resmoncfg [2011.01.12 21:54:44 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2011.01.12 21:50:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini ========== LOP Check ========== [2011.09.19 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\ASUS [2012.05.04 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\ASUS WebStorage [2011.09.19 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1 [2012.04.29 15:44:41 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\avidemux [2012.04.21 22:46:19 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Blender Foundation [2011.11.25 21:59:25 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\DVDVideoSoft [2011.11.25 21:59:21 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.11 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\eCareme [2012.02.11 03:02:58 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\FileZilla [2011.11.29 10:06:10 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\FreePDF [2011.01.20 19:53:29 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\GARMIN [2012.07.01 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\gtk-2.0 [2011.11.19 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Gutscheinmieze [2012.03.03 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\HTC [2011.01.16 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.08.21 14:20:38 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\JAM Software [2011.09.19 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Outlook [2012.08.05 20:25:33 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\PC-FAX TX [2012.05.04 16:55:24 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\ScanSoft [2012.02.11 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\temp [2012.05.16 13:02:49 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Ubisoft [2012.05.09 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\uTorrent [2011.01.19 17:07:14 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Windows Live Writer [2012.05.04 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Alain\AppData\Roaming\Zeon [2012.05.17 10:32:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.08.2012 19:57:59 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Alain\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
8.00 Gb Total Physical Memory | 7.02 Gb Available Physical Memory | 87.74% Memory free
15.99 Gb Paging File | 15.07 Gb Available in Paging File | 94.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 13.46 Gb Free Space | 12.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 931.41 Gb Total Space | 80.20 Gb Free Space | 8.61% Space Free | Partition Type: NTFS
Drive F: | 883.25 Mb Total Space | 859.14 Mb Free Space | 97.27% Space Free | Partition Type: FAT
Computer Name: ALAIN-PC | User Name: Alain | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A15A47-E546-4790-AAF4-2C31FAC315DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{110841F6-4276-4A9C-A400-9FA884E33DD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E4A3649-1649-4D1E-B7AE-3E9AD9741067}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34033504-81CA-4869-824D-1252DFA3D6D6}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B5FD3FA-6F4C-4505-8A1C-0E9DE244C094}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F5304E0-6D5A-4845-8F45-B49976734D3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{490AD530-3323-4518-BDDD-E8A381C2B501}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4977DBA7-DC6C-4805-863B-20724EC15F0C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4D6D7878-2047-4287-A48A-22CCF22C4689}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{514BE943-DACF-4A20-94E8-B1CEFE2CD352}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DE80733-608B-499C-80BA-18F014C4C89C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{669FAE2B-E22F-46B9-AC31-7434DE6164D9}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BFE1163-09FB-42F0-A6FE-A9B566D97731}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C83241C-A280-4A16-A26C-123EB9699B7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CB18EA0-5203-4C31-B5A2-F9361340C41A}" = lport=137 | protocol=17 | dir=in | app=system |
"{81EF3327-88A5-4E61-BB90-2F9339830A58}" = rport=445 | protocol=6 | dir=out | app=system |
"{8281DBE1-1608-497B-8AD3-21F528DB56DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{82D08916-990D-4510-89CF-AD05E7456B3A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8453A6FF-3EBB-4363-B9EA-35E154BC0527}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92224646-E34F-455B-8567-8F82D7EB3603}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92739D6D-7F40-4540-B1EA-116EBBF45FA0}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{9507993F-9F6E-400E-ACDD-1612FF9CB307}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96716854-7154-4CA0-9B26-155329538A58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CAC8B14-6134-4449-9C36-1B9B6A7407FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{A378D5D3-317D-4090-AC67-42A70F598143}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A50F46E1-824A-4EE7-863E-B7F3C2B71FBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A62E3A50-9B1E-4960-BB46-597931D4C697}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA28C343-8AED-4954-9E50-F9D780A4B4E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C88D60E3-754D-4D09-8401-D7F05DCC273D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE774A09-4D61-4047-A407-8F5AF85CA6E5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D4D053E3-8460-40C3-B52C-AC5517147DAD}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC9E85E3-E6A6-410C-BBBD-DCC0208A957D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DFE19146-E815-467D-B1B9-726496DB22C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E21D8473-BB80-4742-964D-5AA5151296F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F0E35A37-65A1-4B31-A4CD-EBCF26712EC4}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8EC4723-7E42-43BE-8DA5-EA5AA7B6CBFA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046AC0AF-A5FF-453B-85A2-5B149F52B483}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{05836D61-9B3C-40E3-91E1-179C641911B3}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\discover.exe |
"{09F04FAA-10B3-45C8-B2F4-2DC7B1482201}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0E728892-BE73-4FD2-AD10-A2C0C7366DA2}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08n\faxrx.exe |
"{100D8410-E91F-4237-BBF4-EB0DCC425493}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1459AB96-CC4E-410E-91F5-9ABD135C1337}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{150D908B-45EA-4A01-9E93-2CD5330CB1F9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{1ED6BB76-ACF2-40DD-8E08-48C56730F39C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25AEF17D-A20E-44F4-8FF6-AB5AD20BC427}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2D740870-5470-4CBF-89B9-AAB7F32AC136}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{2F65D40C-3B86-4DE7-B8BE-88076A6EA5C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{31071A2D-3287-446E-9B5C-D9521545C339}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3518A917-0296-4E5D-95F0-2000732A68B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{375648E1-1481-4A67-AED1-9D920F2383DE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3CB6EB52-8C79-40DB-BF3D-D7C38A4368E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DB12176-FCFA-48F7-B282-2893DF1D09F3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{3E1C734B-417E-4A8B-B130-B18275D9446E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{47B29C3A-B037-412D-8D21-C6E8FDD9C34B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4B91FAF5-B2F9-47BD-A594-504F66007918}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"{4D584434-B502-4ACD-941D-3108F82802A1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52F9538D-B076-41C0-B285-24EDB1E3FE56}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{5A9833A6-C2FF-45D1-97CA-4D1A80F038D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5D2C6AA4-4187-4530-A17B-941422019778}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{644209AB-859B-4BA0-B509-9554717A6491}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{69E1C671-D9FA-484F-A51C-325CCF79C793}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7397A050-3CCE-47CB-8D8F-93966F367A8B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7FC5BB3B-3FF0-4DA7-9AB5-FC68EC2D1C66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{80DD14BF-26D7-4BD4-9B8E-42F9408492DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{82E10F52-2EED-4907-B859-AB1390BC3D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{8BF9B5F6-3222-4DFE-B623-431CFA148B90}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9216FF67-7B17-417F-B06E-5CC99E5C3188}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{948162C2-12A3-45CD-A83F-826075F2A12B}" = protocol=6 | dir=out | app=system |
"{958555BD-2A6B-4628-A865-AB07A743C21A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A3A75D7-2541-42E5-94CF-8937A73098D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B124A4C-C48B-4C1F-9D24-39D18F871043}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{9EF7E150-91AC-4872-8F6E-E62B098E6B44}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A23035CF-192D-43AA-A500-01E5DAA5C2DD}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08n\faxrx.exe |
"{A3F0152D-6A10-4D98-9B19-E213FDA0C4CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4F09812-34CB-4A44-94B5-051BDE278A42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB1BBE4C-1052-43A0-B5F4-1FB5E5BED989}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\discover.exe |
"{ABC68E0F-E12A-4C34-B31E-91179B115093}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\auditorserver.exe |
"{ADD13403-148A-44A5-82C2-74D91CB083B1}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{B0A34976-4261-46D1-BAB9-7D4B226444D5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B50D53CA-482A-4E0B-B667-25D00507E61D}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{B5EC6A52-D18F-4B5E-8DCC-7210330FDD63}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{BA40D606-2D5B-4A1C-975D-02BA026C5789}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB47BE84-1A5E-413F-B5FF-13A92136B28F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{BB95CB39-4EE3-4F65-A9B5-2676ADE017F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{BC08BA83-93ED-4ACA-94BC-CDEE298B8517}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C5006AD4-2687-4D8A-81F1-4A7AF2E1E49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CC29F124-7D66-4E63-89EE-A8C280E7FAAA}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\auditorserver.exe |
"{CDFB6D52-43B1-443F-B432-8459C64116AD}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{D316CC21-D57B-4B90-A16F-1CA3E78C24A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D83A8F01-3294-4F37-AC4C-293709908256}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\bradminv3.exe |
"{D8E6041B-B2AF-4DE7-8745-14E61DDA46BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{DAA993E3-4D55-460A-B100-59A42A731C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{DC37751D-8452-4986-BE7D-A576C70E0942}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DC4B43FC-58FC-4723-8C4B-0F8E0AD0D3F1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DDBD0882-F834-4667-B610-3F6987491976}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2160F49-A4D5-4F72-A242-12F1624FB306}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{E2B2FCFE-7887-41DE-B37A-337B2E4A2E32}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E9E72A78-F5B9-40A7-8CA0-418785A8DA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"{EA94A162-8418-4DB5-99F9-676F9A6B896C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED7186CB-3991-4466-ABBD-2FC4DA4A3FF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F55D89BB-EB06-4123-9749-6BFE8C3E18FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F583C4ED-77FD-42A6-8F2F-C8DB808ADA6D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA90D665-93C2-463A-BECD-15D4695CA03B}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\bradmin professional 3\bradminv3.exe |
"{FECD95BA-81AF-4F61-9758-52D90C54FB81}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{666E6790-1804-411F-833A-9C1E248A0EB6}C:\program files (x86)\asus\asus sync\asusupctloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asus sync\asusupctloader.exe |
"TCP Query User{A9FDD7BF-9B8B-4A23-99F7-6BC6D78B4A48}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{AB0E1079-C67A-4191-8B57-13C12956F758}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{DE311C08-044D-41D3-B1DD-DFF8F1028CF1}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{FF52E817-41C3-4ECC-8B3B-1428CA70298E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{11A66C64-95AD-4A2A-9038-3077113C0616}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{28E0F418-DBF0-47C6-AB99-1BE13151EDB7}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{C958FE16-4EAB-4803-B00C-E9CA39D536E0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F7749B6C-826D-41CA-8602-4D303DC68A3E}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{FB6E5D10-042F-4F93-A270-55DDB515F994}C:\program files (x86)\asus\asus sync\asusupctloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asus sync\asusupctloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
"{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D3A8B9D5-EEE5-4F2A-9EDE-7EC3AADDA5D4}" = ASUS Android USB Drivers
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DADBFD45-EEDA-E6A4-469C-2F772132E251}" = ATI AVIVO64 Codecs
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SolarApp" = Logitech Solar App 1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor v1.0.7
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184BF682-537C-4CAE-8789-6696508A4032}" = Brother MFL-Pro Suite MFC-5895CW
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C2CB5E8-B928-4954-BEBB-A7C973ACC73C}" = ASUS Sync
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C885D4-C758-4896-A3B4-90DA34B44C31}" = BRAdmin Professional 3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 1.5.1
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.3
"Free Video to Android Converter_is1" = Free Video to Android Converter version 2.3.3.920
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"FreePDF_XP" = FreePDF (Remove only)
"GamersFirst War Rock" = War Rock
"HeavyLoad_is1" = HeavyLoad V3.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"IsoBuster_is1" = IsoBuster 2.8
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Liveupdate4_is1" = Liveupdate4
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SFBM" = SoundFont-Bank-Manager
"TmNationsForever_is1" = TmNationsForever
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"vShare" = vShare Plugin
"vShare.tv plugin" = vShare.tv plugin 1.3
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"sc12-CH_SF" = Ski Challenge 12 (SRF)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.11.2011 14:00:07 | Computer Name = Alain-PC | Source = Windows Backup | ID = 4103
Description =
Error - 16.11.2011 12:16:18 | Computer Name = Alain-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 870 Startzeit: 01cca47aab47d57e Endzeit: 60000 Anwendungspfad:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID:
Error - 29.11.2011 04:03:26 | Computer Name = Alain-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Alain\Desktop\SoftonicDownloader_fuer_freepdf.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.12.2011 14:00:08 | Computer Name = Alain-PC | Source = Windows Backup | ID = 4103
Description =
Error - 15.12.2011 19:09:03 | Computer Name = Alain-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-3833450142-516823475-3499998858-1001\$R6FHNDA.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 17.12.2011 08:31:30 | Computer Name = Alain-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.0.4325 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1710 Startzeit:
01ccbcb569d9c698 Endzeit: 23 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
0a359ea1-28ab-11e1-8ea7-1c6f6533ce89
Error - 01.01.2012 14:00:00 | Computer Name = Alain-PC | Source = Windows Backup | ID = 4103
Description =
Error - 02.01.2012 15:58:53 | Computer Name = Alain-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-3833450142-516823475-3499998858-1001\$R6FHNDA.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 01.02.2012 14:00:00 | Computer Name = Alain-PC | Source = Windows Backup | ID = 4103
Description =
Error - 10.02.2012 21:13:29 | Computer Name = Alain-PC | Source = Avira AntiVir | ID = 4118
Description =
Error - 01.03.2012 17:54:57 | Computer Name = Alain-PC | Source = Windows Backup | ID = 4103
Description =
Error - 01.04.2012 13:00:07 | Computer Name = Alain-PC | Source = Windows Backup | ID = 4103
Description =
[ Media Center Events ]
Error - 02.08.2012 13:14:54 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 19:14:53 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.08.2012 13:14:55 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 19:14:55 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.08.2012 14:15:06 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 20:15:06 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 02.08.2012 14:15:11 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 20:15:09 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.08.2012 14:15:13 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 20:15:12 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 02.08.2012 14:15:15 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 20:15:14 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 03.08.2012 09:06:39 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 15:06:39 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 03.08.2012 09:08:38 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 15:08:17 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 03.08.2012 09:09:21 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 15:08:59 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 03.08.2012 09:09:43 | Computer Name = Alain-PC | Source = MCUpdate | ID = 0
Description = 15:09:42 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
[ System Events ]
Error - 13.08.2012 13:53:45 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 13:54:07 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 13:54:07 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 13:54:07 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 13:59:07 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 13:59:07 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 13:59:07 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 14:01:13 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 14:01:13 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.08.2012 14:01:13 | Computer Name = Alain-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Ich habe den Computer nach dem Check durch OTL normal hochfahren lassen und konnte wieder auf den Desktop und das System zugreifen. Bis jetzt läuft alles wieder wie vorher. Dazu habe ich noch Avira Free Antivirus das System prüfen lassen. Es wurde nichts unewünschtes gefunden, ausser Warnungen vom Programm, welche ich aber beim durchschauen nicht als göbere Probleme eingestuft habe. Ich habe nach dem Durchführen der Reinigung und dem Überprüfen von OTL, den Computer nochmals neu gestartet und konnte wieder wie vorher auf den Desktop und das ganze System zugreifen. Ich habe noch einen Systemcheck mit Avira Free Antivirus machen lassen, welcher mir nur noch 19 Warnungen aufzeigte. Beim Durchschauen habe ich aber nichts problematisches gefunden (hoffe ich zumindest) C:\Program Files (x86)\MSI Afterburner\Uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Program Files (x86)\MSI Afterburner\Uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Program Files (x86)\WinRAR\rarnew.dat [WARNUNG] Das Archiv ist unbekannt oder defekt C:\Users\Alain\Programme\install_reader10_de_gtba_aih.exe [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part01.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part02.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part03.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part04.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part05.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part06.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part07.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part08.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part09.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\avira_free_antivirus_de.exe [WARNUNG] Die Datei ist kennwortgeschützt E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$R1XPW46.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RILVWLU.rar [WARNUNG] Mögliche Archivbombe: die Maximale Entpackgrösse wurde überschritten. E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RUKPDXZ.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RYKD4S9.part [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RZXV368.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Program Files (x86)\MSI Afterburner\Uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Program Files (x86)\MSI Afterburner\Uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Program Files (x86)\WinRAR\rarnew.dat [WARNUNG] Das Archiv ist unbekannt oder defekt C:\Users\Alain\Programme\install_reader10_de_gtba_aih.exe [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part01.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part02.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part03.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part04.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part05.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part06.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part07.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part08.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Alain\Programme\PinnacleStudio14HDUltimateEdition\Pinnacle Studio 14 HD Ultimate Collection - by Mick (Full Version)\Pinnacle Studio 14 HD Ultimate Collection - by Mick.part09.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\avira_free_antivirus_de.exe [WARNUNG] Die Datei ist kennwortgeschützt E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$R1XPW46.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RILVWLU.rar [WARNUNG] Mögliche Archivbombe: die Maximale Entpackgrösse wurde überschritten. E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RUKPDXZ.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RYKD4S9.part [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) E:\$RECYCLE.BIN\S-1-5-21-3833450142-516823475-3499998858-1001\$RZXV368.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) |
|
13.08.2012, 20:19
| #4 |
| /// Helfer-Team | Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werdenFixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{A7681078-1318-4B8E-9676-7D99903F8748}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{54445FEC-3AB3-4aee-A5A9-2D88292E5520}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{5898496E-7EF5-42ae-9DB4-538A1A69ADBE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{7E2BDD9E-3D41-4ce9-888C-A5A2BB980CD1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\SearchScopes\{A7681078-1318-4B8E-9676-7D99903F8748}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3833450142-516823475-3499998858-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c3e5fb77-fa20-11de-a50d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c3e5fb77-fa20-11de-a50d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
[2012.08.11 22:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\cdktkseqlmbywxc
[2012.08.11 22:25:02 | 000,000,051 | ---- | M] () -- C:\ProgramData\xxeofpmddfszjcs
[2012.08.11 21:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 21:50:20 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3833450142-516823475-3499998858-1001UA.job
[2012.08.05 13:49:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3833450142-516823475-3499998858-1001Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
27.09.2012, 13:37
| #5 |
| /// Helfer-Team | Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werden Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Computer wurde gesperrt, kann mit 100€ über Ukash entsperrt werden |
| anderer, automatische, automatischen, automatischen informationskontrolle, bedanken, bezahlen, compu, computer, eidgenossenschaft, entsperrt, erschein, erscheint, euro, forum, frage, gesperrt, meldung, probleme, rechts, schaf, sicht, surfe, surfen, system, thema, wenig |
Linear-Darstellung
