|
Log-Analyse und Auswertung: GUV Trojaner entfernen von Windows7ProWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.08.2012, 19:51 | #1 |
| GUV Trojaner entfernen von Windows7Pro Hallo zusammen, vorweg gleich mal ein rießen Lob an die Betreiber und das Team hier. Hab mich vor der Registrierung etwas eingelesen und bin jetzt schon begeistert. Ich hoffe ihr könnt mir mit dem GUV Trojaner helfen. Hab mich wie schon gesagt etwas eingelesen und mit OTL folgende Logfiles im abgesicherten Modus von Windows 7 erstellt. Abgesichert deswegen da ich die Oberfläche vom Trojaner gar nicht erst weg bekommen. Vielen Dank schon mal. Grüße Chris OTL.TXT OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.08.2012 20:43:25 - Run 1 OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\D4K!ZZ4\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 77,61% Memory free 16,00 Gb Paging File | 14,37 Gb Available in Paging File | 89,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 7,11 Gb Free Space | 3,05% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 230,03 Gb Free Space | 49,39% Space Free | Partition Type: NTFS Drive J: | 465,66 Gb Total Space | 440,27 Gb Free Space | 94,55% Space Free | Partition Type: NTFS Drive K: | 7,50 Gb Total Space | 6,68 Gb Free Space | 89,13% Space Free | Partition Type: FAT32 Drive X: | 465,76 Gb Total Space | 95,55 Gb Free Space | 20,52% Space Free | Partition Type: NTFS Drive Y: | 465,76 Gb Total Space | 95,55 Gb Free Space | 20,52% Space Free | Partition Type: NTFS Computer Name: WINDOWS7PC | User Name: D4K!ZZ4 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.18 20:36:25 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\D4K!ZZ4\Desktop\OTL.exe PRC - [2012.07.18 09:42:03 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 09:42:03 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.12.16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2012.08.15 09:05:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 09:42:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.11 17:57:52 | 004,419,392 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012.06.06 22:36:13 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.08 21:59:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:59:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.31 09:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Stopped] -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013) SRV - [2011.12.14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.05 19:59:30 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare) SRV - [2010.05.15 16:01:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.01.29 23:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:59:58 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:59:58 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.19 18:03:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.19 19:07:01 | 000,068,608 | ---- | M] (Chingachguk & Denger2k (Elite & SP edition)) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\multikey.sys -- (multikey) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.28 19:36:06 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.06.28 19:36:06 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.05.15 20:21:20 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.03.18 20:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k) DRV:64bit: - [2010.03.18 20:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k) DRV:64bit: - [2010.03.18 20:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k) DRV:64bit: - [2010.03.18 20:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010.03.18 20:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010.03.18 20:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010.03.18 20:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010.03.18 20:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) DRV:64bit: - [2010.03.18 20:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010.03.18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS) DRV:64bit: - [2010.03.18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX) DRV:64bit: - [2010.03.18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS) DRV:64bit: - [2010.03.18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX) DRV:64bit: - [2010.03.18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS) DRV:64bit: - [2010.03.18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX) DRV:64bit: - [2010.03.18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS) DRV:64bit: - [2010.03.18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX) DRV:64bit: - [2009.12.03 06:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY) DRV:64bit: - [2009.11.10 13:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.11.10 13:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.09.21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009.08.20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2009.03.13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009.03.13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2009.03.13 10:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2007.04.10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV:64bit: - [2007.04.10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL) DRV:64bit: - [2007.04.10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV:64bit: - [2007.04.10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV:64bit: - [2007.04.10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV:64bit: - [2007.04.10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV:64bit: - [2007.04.10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV - [2011.12.12 20:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.03.13 13:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2008.03.13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ftser2k.sys -- (FTSER2K) DRV - [2005.10.31 21:40:40 | 000,030,932 | ---- | M] (miControl) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\clldrv6.sys -- (CLLDRV6) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D EF 20 65 5F 7D CD 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\D4K!ZZ4\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.http: "77.123.63.113" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.13 10:32:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 09:50:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.15 12:15:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.13 10:32:49 | 000,000,000 | ---D | M] [2010.05.15 16:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D4K!ZZ4\AppData\Roaming\mozilla\Extensions [2012.08.15 12:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D4K!ZZ4\AppData\Roaming\mozilla\Firefox\Profiles\13yvpel9.default\extensions [2010.12.20 19:41:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\D4K!ZZ4\AppData\Roaming\mozilla\Firefox\Profiles\13yvpel9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.30 21:35:18 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\D4K!ZZ4\AppData\Roaming\mozilla\Firefox\Profiles\13yvpel9.default\extensions\foxyproxy@eric.h.jung [2012.05.30 21:35:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\D4K!ZZ4\AppData\Roaming\mozilla\Firefox\Profiles\13yvpel9.default\extensions\ich@maltegoetz.de [2012.04.23 20:36:14 | 000,000,889 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\alternate-gmbh.xml [2011.05.14 13:04:33 | 000,002,012 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\djtunescom.xml [2010.10.03 13:07:09 | 000,002,280 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\mafia-wars-wiki-en.xml [2012.08.09 09:55:41 | 000,002,271 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\minecraft-wiki-de.xml [2010.12.30 21:39:57 | 000,006,454 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\rezepte-wiki-de.xml [2011.05.14 13:04:47 | 000,002,486 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\yourwirenet---boerse.xml [2010.06.05 21:52:45 | 000,002,057 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\searchplugins\youtube-videosuche.xml [2012.03.23 14:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.12.09 21:04:43 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2010.12.09 21:04:40 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012.06.05 17:54:06 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\D4K!ZZ4\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13YVPEL9.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012.08.15 12:34:59 | 000,341,151 | ---- | M] () (No name found) -- C:\USERS\D4K!ZZ4\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13YVPEL9.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012.07.25 21:30:40 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\D4K!ZZ4\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\13YVPEL9.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.07.18 09:42:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 18:53:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.04.15 17:51:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.15 17:51:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.04.15 17:51:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.04.15 17:51:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.15 17:51:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.15 17:51:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.01 09:34:48 | 000,004,978 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 113 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\D4K!ZZ4\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\D4K!ZZ4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\D4K!ZZ4\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\Machine\Scripts\Shutdown\Backup.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Audio HD Driver = C:\Users\D4K!ZZ4\AppData\Roaming\PScZ5PLBzGTt.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3753BC1-FF7A-4685-B01E-863F8CFD96D2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.05 19:29:40 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{de12fd72-604e-11df-b4f2-0016e68520fa}\Shell - "" = AutoRun O33 - MountPoints2\{de12fd72-604e-11df-b4f2-0016e68520fa}\Shell\AutoRun\command - "" = I:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.18 20:36:07 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\D4K!ZZ4\Desktop\OTL.exe [2012.08.18 20:24:28 | 000,000,000 | ---D | C] -- C:\Users\D4K!ZZ4\AppData\Roaming\Malwarebytes [2012.08.18 20:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.18 20:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.18 20:23:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.18 20:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.18 20:23:30 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\D4K!ZZ4\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.18 19:40:02 | 000,000,000 | ---D | C] -- C:\Users\D4K!ZZ4\Desktop\Neuer Ordner (2) [2012.08.03 16:14:48 | 000,000,000 | ---D | C] -- C:\Users\D4K!ZZ4\AppData\Roaming\.minecraft [2012.08.02 20:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.07.29 14:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft [2012.07.29 14:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft [2012.07.29 09:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.07.29 09:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.18 20:36:25 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\D4K!ZZ4\Desktop\OTL.exe [2012.08.18 20:33:44 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.18 20:33:44 | 000,700,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.18 20:33:44 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.18 20:33:44 | 000,149,138 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.18 20:33:44 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.18 20:26:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.18 20:25:47 | 2147,131,391 | -HS- | M] () -- C:\hiberfil.sys [2012.08.18 20:23:46 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.18 20:19:26 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\D4K!ZZ4\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.18 20:09:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.18 20:07:21 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.18 18:47:12 | 000,387,584 | ---- | M] () -- C:\Users\D4K!ZZ4\Desktop\rescue2usb.exe [2012.08.18 18:34:43 | 000,001,891 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.18 18:06:06 | 000,067,330 | ---- | M] () -- C:\Users\D4K!ZZ4\Desktop\bookmarks-2012-08-18.json [2012.08.18 18:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.18 17:57:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.18 15:55:47 | 000,025,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.18 15:55:47 | 000,025,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.18 15:47:20 | 008,219,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.18 15:45:48 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-20011102}.rfx [2012.08.18 15:45:48 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-00000004-20011102}.rfx [2012.08.18 15:45:48 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-20011102}.rfx [2012.08.18 15:45:48 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-20011102}.rfx [2012.08.18 15:45:48 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-00000004-20011102}.rfx [2012.08.16 23:11:23 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000000-00001102-00000004-20011102}.CDF [2012.08.16 23:11:23 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000000-00001102-00000004-20011102}.BAK [2012.07.29 14:12:54 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk [2012.07.29 14:09:31 | 000,005,766 | RHS- | M] () -- C:\ProgramData\ntuser.pol [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.18 20:23:46 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.18 19:39:49 | 000,387,584 | ---- | C] () -- C:\Users\D4K!ZZ4\Desktop\rescue2usb.exe [2012.08.18 18:34:43 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.18 18:34:43 | 000,001,891 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.18 18:06:06 | 000,067,330 | ---- | C] () -- C:\Users\D4K!ZZ4\Desktop\bookmarks-2012-08-18.json [2012.07.29 14:12:54 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk [2012.07.29 14:07:44 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.11.08 21:13:37 | 000,000,041 | ---- | C] () -- C:\Windows\festo.ini [2011.10.22 14:50:59 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2011.09.24 19:14:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\pythoncom23.dll [2011.09.24 19:14:06 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\pywintypes23.dll [2011.09.23 17:52:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.09.19 19:17:10 | 000,000,043 | ---- | C] () -- C:\Windows\W3u.INI [2011.09.18 21:51:13 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2011.06.01 10:44:49 | 000,033,134 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Roaming\UserTile.png [2011.04.10 17:49:11 | 000,000,119 | ---- | C] () -- C:\Windows\M3UCreator.ini [2011.03.27 16:12:15 | 000,000,132 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.03.24 20:38:33 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.02.12 14:02:40 | 000,000,375 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Roaming\uninstall.vbs [2011.01.30 13:56:41 | 000,000,670 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.29 14:14:22 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2011.01.09 12:25:04 | 000,000,144 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.11.27 17:56:14 | 000,006,656 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.20 20:05:17 | 000,328,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.10.09 14:04:00 | 000,000,089 | ---- | C] () -- C:\Windows\SPL7019.DAT [2010.09.16 19:45:18 | 000,267,743 | ---- | C] () -- C:\Windows\hpwins22.dat.temp [2010.08.14 15:17:07 | 003,772,928 | ---- | C] () -- C:\Program Files (x86)\Common Files\WSCAD54Schule .msi [2010.07.01 23:04:30 | 000,000,132 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.05.20 21:38:17 | 000,007,598 | ---- | C] () -- C:\Users\D4K!ZZ4\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2012.08.15 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\.minecraft [2011.08.14 17:57:59 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\.Nitrous [2010.05.21 18:44:44 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\3Dconnexion [2011.04.15 13:38:27 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Ableton [2011.10.16 14:44:39 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Acronis [2010.08.28 19:33:06 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Alien Skin [2011.06.06 11:31:50 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Amazon [2012.06.07 08:49:08 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Autodesk [2011.11.13 15:12:04 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Azureus [2011.02.06 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Buhl Data Service [2010.05.23 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.08.02 18:51:27 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Ciwoa [2010.09.24 17:21:21 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\com.adobe.ResourceCentral [2012.04.25 20:41:59 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2010.08.02 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Cygeet [2010.05.19 19:48:39 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\DAEMON Tools Lite [2011.02.15 18:55:04 | 000,000,000 | RHSD | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\default [2012.08.18 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Dropbox [2012.01.08 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoft [2011.08.15 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.25 12:55:09 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\DYMO [2011.09.18 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\EDrawings [2010.07.16 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\EIBA sc [2011.10.09 15:01:50 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\elsterformular [2012.04.06 20:59:17 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\ICQ [2010.06.10 21:37:17 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\ImgBurn [2011.09.16 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\JGoodies [2011.08.28 14:41:03 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Kalypso Media [2010.05.21 18:34:02 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Leadertech [2012.06.24 09:39:41 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Lexware [2010.05.20 22:21:51 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\MAXON [2011.06.01 10:44:49 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\PeerNetworking [2011.07.22 19:06:34 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Siemens [2010.05.16 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\SmartTools [2010.11.12 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Steinberg [2012.01.31 17:53:17 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\TuneUp Software [2011.11.22 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Ubisoft [2010.11.12 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\VST3 Presets [2010.11.27 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\WindSolutions [2010.08.14 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\WSCAD [2012.07.29 14:14:02 | 000,000,000 | ---D | M] -- C:\Users\D4K!ZZ4\AppData\Roaming\Xilisoft [2012.06.18 19:52:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/CODE] Extras.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.08.2012 20:43:26 - Run 1 OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\D4K!ZZ4\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 77,61% Memory free 16,00 Gb Paging File | 14,37 Gb Available in Paging File | 89,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 7,11 Gb Free Space | 3,05% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 230,03 Gb Free Space | 49,39% Space Free | Partition Type: NTFS Drive J: | 465,66 Gb Total Space | 440,27 Gb Free Space | 94,55% Space Free | Partition Type: NTFS Drive K: | 7,50 Gb Total Space | 6,68 Gb Free Space | 89,13% Space Free | Partition Type: FAT32 Drive X: | 465,76 Gb Total Space | 95,55 Gb Free Space | 20,52% Space Free | Partition Type: NTFS Drive Y: | 465,76 Gb Total Space | 95,55 Gb Free Space | 20,52% Space Free | Partition Type: NTFS Computer Name: WINDOWS7PC | User Name: D4K!ZZ4 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02290774-023B-482D-9B3E-F31AC73CFECF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{13F86D6B-FE36-46D3-A61C-00F658E46A8A}" = rport=10243 | protocol=6 | dir=out | app=system | "{15F507FC-35CB-4278-9E82-5392CC9BBD23}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B608C0-D28C-4297-BD64-C1CBEE6EDE4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{282C8298-D13D-460C-898F-378AE6448A3C}" = lport=445 | protocol=6 | dir=in | app=system | "{2852A779-A632-470B-BCF7-6E815C8207F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2AD9FEC9-D335-4199-A0A8-B6CB932AD2F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2BB165C3-BCBA-4FA2-ABAD-C62DF22E8165}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{38B6F96E-AD72-4BD2-AF29-68BC42B5D6E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4113815B-086E-4EBE-A024-56A35F581FE9}" = rport=445 | protocol=6 | dir=out | app=system | "{45D5B3BE-708B-4498-BFD6-3E4EF0146167}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{49C5EAC0-DF90-425B-ADBB-B2BFD401C462}" = lport=137 | protocol=17 | dir=in | app=system | "{5512777E-56F3-4FA4-869F-68E1CE8B94C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5A48210D-BAB0-451A-A07A-658B927A45EE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{63EFE2E4-12D1-41A7-AF86-21126F903E47}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BF56D65-63A6-4644-8B7F-ADD65DEB560D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{6C59E4FD-1EE8-458D-B4DB-CACA00DBD87E}" = lport=10243 | protocol=6 | dir=in | app=system | "{734675CC-F83B-4F53-9E36-D534103D7410}" = rport=137 | protocol=17 | dir=out | app=system | "{75F8D4DA-1C9A-4167-BFA2-23EE27A57C7D}" = rport=139 | protocol=6 | dir=out | app=system | "{8954D925-0838-4AFC-8F8C-13ABD05B0848}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{94EF7AA0-9E52-4B2A-A3B3-AC5097B47B30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{96AD60F4-123B-4FC2-AEB3-247B9898EE0A}" = rport=138 | protocol=17 | dir=out | app=system | "{9AE36AFD-A595-41F8-B4C6-E4D3ACB6D806}" = lport=49205 | protocol=6 | dir=in | name=akamai netsession interface | "{AF1EC3A2-BA4F-4857-8248-27CE009AE023}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AFEE7019-8777-4596-959A-C3DF33436CC7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B3A6BAFD-0558-4172-92E0-41B1051975A9}" = lport=138 | protocol=17 | dir=in | app=system | "{BC6C7900-8CD4-490F-9874-F71E5C73AC19}" = lport=2869 | protocol=6 | dir=in | app=system | "{C4DB776C-EAB5-44F6-8973-0735D000DA9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C55B8ED7-968E-4D6B-952F-1DAA1D02E8EA}" = lport=139 | protocol=6 | dir=in | app=system | "{F76613E5-92AE-4723-85FF-3E8A1AC25E7C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{FBFD1ED1-77F1-476A-891F-C4EB424B45EE}" = lport=49253 | protocol=6 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E7F896-9663-401F-A72E-02FC95FA86DB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{046BE852-0A48-4477-86DA-C996D426333B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{053E8464-7040-4B48-9B9A-8E3B52209174}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{057D4CC4-203E-4343-B6EA-487A3BB25F47}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{06FB74CF-54CA-49A7-A2C3-03F5A0F098B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{0CAED29D-06C8-499E-8E25-88005E767C73}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0DBFF34F-46CC-48AD-A628-0074F7525DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | "{0E9C2617-D246-4F6B-B046-A4D7B0C764B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1019BFF2-B43E-499B-A643-A86FFB7FD476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{10765D45-6938-4AE0-BE3C-52234F656A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | "{109B69E5-8A65-4C25-A844-8684668B077E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{157B57C5-6BE2-481F-A628-433CCD7CC38D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1730A368-3BAD-401C-9412-F8473673E1A8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{1A8C57B9-6770-435A-9931-91537B16D9BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{1B7C1880-8028-45ED-AE05-652D5EA43B67}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{1C7B8D25-AE9F-4901-A0A4-55A37677DB72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1DFDCA6A-2669-431B-8488-198AC6C49B30}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{1F79F6C8-73B3-4898-9FDE-1F17B7A04805}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{20143BE0-363B-4B8B-B56D-3375FE16B2B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{215F418F-AFB1-44E3-888A-43BB3ED65AC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{27694487-D873-44F1-8A5D-8E1A821578AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{29F7ECFF-2DBD-4D43-A82A-C5E317810A61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{2AB3A2E2-57BC-45AE-A17E-DD41F29BEBFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{311102A4-1FFA-4A6B-AB09-82B1422A6863}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{315B40F5-B65C-44E7-9D9C-F719DB9539BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38BEA5F3-9809-491D-9C10-5BA2E36A2A8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B12E1BD-A207-4006-B05A-84F9EBB12CB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{3DD17717-D190-4EE5-A75B-49D06666B272}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{3E03BCB1-4F79-4FD8-AD8B-8A4D58B46146}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{41101AD1-A8C3-46DB-B319-DC1F1E07C97E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{44BDB9BE-0F73-40FF-8364-979C35E28CBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{44E8013D-5C53-4674-9C33-D03429D445C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{467CB336-622E-4D5E-8DA3-2D093C43F427}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{485F9303-0C31-4461-8DF2-CDAEDB9CAF17}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{495398C9-AE28-4853-94A0-90AEA4C85B1B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{4CA4CE4B-F4E3-4301-AA58-D829C2DC7ED9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A92BB58-EF4A-4629-BAC4-D39FE2A8D0A6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{5C39CE10-88B3-46D2-96CF-C24CB0500576}" = protocol=6 | dir=out | app=system | "{62C89BD3-7151-4E3F-A1A2-2DF41E237657}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{632C43F5-3E2B-41C9-A06B-98B0DC551895}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{6BACAF6A-D182-40A4-8515-A8F2E69ABDCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{6BD44E6A-D88F-43B5-A0C3-9B8C567D0F65}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{6D1C31F7-4FD7-46E8-A9D9-F8785EA2E9B2}" = protocol=17 | dir=in | app=c:\users\d4k!zz4\appdata\roaming\dropbox\bin\dropbox.exe | "{6E0D4A5C-DC87-421D-B3A3-34A7D0F8F3E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{6FDCEC54-AC2F-4FA4-B825-6F32B30B8513}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{7084EE7D-1F71-4319-BDE5-2A221F6B9496}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{76A42379-5C46-4739-B08D-9FAC7DF182E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{76A73623-5D5F-4CAC-8E66-4E540B575D8E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{7974882A-215A-4DD0-BAA9-AF3B5F658B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | "{7C2A32B0-B4FB-41C7-85F7-A06839025B4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7CB42F99-97D3-4326-BA91-386C0A4B2AC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{7E4D3286-923D-4830-AEA1-5D9751ED8ED0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{7FCC7EA8-71E2-4CC5-9E66-DA4463D26CA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8455F382-A472-4CE0-87FD-5515E222E464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{851D750B-A5C5-4FD5-B8C3-A5FA9E73F103}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{88BB8726-7FAF-46E5-833B-6FE11A3A414B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{8BDAB355-FCA9-47FF-AFEE-23D3131AF06B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{8DBFBF5A-F70D-4E3D-B9AD-44DAB33B6CC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{8F3C8AD0-EB4D-4558-8613-487CC114BAC2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{903CE8AB-B42A-4E60-93C4-030864FA8B87}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{93D65723-FE17-40EA-A47D-A0AF8F916A34}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{978032AE-07D7-4214-B0B6-59BBEFB43206}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9972FC59-69D8-4CB8-B6F7-4949B7AB1F66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9B658BAD-70D1-4D37-8E34-AC4E55C7719B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | "{9BF1E42E-3B81-4878-904D-6FC5F057A3ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9C6D2ED3-692E-4A96-AE9D-856BD8DBCCF8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9EB3D7F0-9B6F-4A64-B83E-B2265D24E772}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{A0333E6A-789B-44A8-A7D4-5F90C331D1A3}" = dir=in | app=c:\program files (x86)\kalypso media\tropico 4\tropico4.exe | "{A051B8E1-DC4B-4FE1-9DD3-20E3474CAC26}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | "{A0B8C842-1707-4DCD-864D-4BD31FD4C391}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | "{A5E23048-D437-42D3-B9EA-A08C12DCC17C}" = protocol=17 | dir=in | app=c:\users\d4k!zz4\appdata\local\akamai\netsession_win.exe | "{A8FDBD29-D380-4AD8-B65F-02AD6063D1FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A95B4689-3EB2-4319-B314-09362BF85E33}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{AAC7DECD-ED36-4C64-9F94-7D4CA25E839C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AF61EC8B-9C06-4817-A960-F3EB4C8A8E34}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{B0FBA4B9-D862-44A0-90E0-7BE0CD79D040}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B6409CB0-1AF6-4E57-ACFC-EE047A1E16E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{B6C9C9E6-DDBD-49EE-B878-C13C9A3A52D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B7D099CA-7CA1-4B79-AB16-D2368A5B0FF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{B8B693F2-396F-4176-9B3E-D265A40F3228}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{BC9F7E27-3E64-40CC-9049-5FA63C8997BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{BD6108C0-A844-43F3-95DF-1C0486DA0886}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{BD665DA9-4AAF-4A11-B09D-FB3F6CA2AE1E}" = dir=in | app=c:\users\d4k!zz4\downloads\hp\ojp8500va909_full_13\setup\hpznui40.exe | "{BD6F10E2-04BD-4B83-B1FA-1E30FD37F8DC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{BDBDE76D-6811-42E5-A663-46CB6CE01B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C5DC7D48-B44D-490B-BA3D-7697A6D5C911}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9E4F8B7-B9A5-4D11-87B3-70A918D3CA59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CA6121E1-84EB-40E0-BBE1-8E76871739B1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{CB2BAF3B-FAA6-4A82-9A82-52520577F8BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CD93AC75-9D43-4352-8BCB-49CEAC7ACBE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D5C404EB-C4BD-405D-9C6D-DB1C4DBCDF54}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{D8E663C0-0CE0-474E-A7C3-F44DE150A490}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{DD258AF6-0426-4EB1-B99F-B271710DD1D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{DE276972-2003-4D57-BE4F-2106B2DB6D90}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E2B0294D-3461-469D-8C29-50E93B069596}" = dir=out | app=c:\program files (x86)\kalypso media\tropico 4\tropico4.exe | "{E44064C4-365F-4734-AA85-07E026450776}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E8F51991-0DF1-4256-A962-5CB17AD2E95D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\addon.exe | "{E8FC4B67-DE16-4031-B49F-B13B7F6D3B99}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EA0641EB-5824-4D68-9568-ACF9AEE70503}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{EAC38EFD-5032-448B-B459-4E7D78F12566}" = protocol=6 | dir=in | app=c:\users\d4k!zz4\appdata\roaming\dropbox\bin\dropbox.exe | "{ECA3D35F-F190-49B0-8D01-4DCF2574C523}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{ED58A7E3-3F03-4168-A38E-18AB146F2D80}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EE48DBE4-DA65-4CED-9DB7-9FAFCF6003B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{EE64299F-7BB0-492A-B0FD-D327299E9588}" = protocol=6 | dir=in | app=c:\users\d4k!zz4\appdata\local\akamai\netsession_win.exe | "{F76E3192-5D0A-417F-B034-2E133882520A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{FAB5F1DA-254E-45F0-8FA7-69324D6A294E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | "{FADBF552-AFA4-46CD-AABD-564EE06A4F83}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{FFBFE0D1-8E63-4E1D-BBB5-107CA5A2B86A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{27685D70-9167-447A-9ABD-A224A00DF9C9}C:\program files (x86)\anno 2070\anno5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 2070\anno5.exe | "TCP Query User{3294504A-081D-43E5-BC20-814079CE2F6D}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "TCP Query User{35A3EE38-BE12-4FB3-A9C2-47978CE2FED0}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{35D25886-B01E-404B-BE11-F67E64467982}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{660B1FE2-1944-4987-BBD1-3754A25CAA74}C:\program files\autodesk\showcase 2012\bin\showcase.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\showcase 2012\bin\showcase.exe | "TCP Query User{74DA4924-C2DF-4140-AF73-FD2CD74C3987}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{8836C4A7-FA30-4989-9BA9-F92DAF457B58}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{8C925057-5E65-485F-AF1F-691F42A6CA7E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{93F75FFB-A70B-4A15-8B23-0DE352E4B3F9}C:\users\d4k!zz4\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\d4k!zz4\appdata\local\akamai\netsession_win.exe | "TCP Query User{A1327C47-9A1A-4B3C-B541-935EE347AEC8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{ABD62670-B29F-4C49-B814-5A203B91B4C9}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | "TCP Query User{C847226B-3E0C-4108-BDE6-58A0C2E0BBBD}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{EBDDD129-7048-4107-85C7-1D58994AE011}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{F2918F9C-211F-48D5-B025-BA62B8EACC01}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{FC556A7E-3781-45C5-8630-D6B113216B81}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{0BFF12A4-6787-410E-A033-BC3C3B6151E0}C:\program files (x86)\anno 2070\anno5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 2070\anno5.exe | "UDP Query User{4E28E575-C591-44AF-96A5-F6FCAC5F8363}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{5D39E7A5-1922-4FE6-8C4D-7D7B9D09F7AE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{6C604EFA-0349-439A-9DC5-41628EC3DF69}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | "UDP Query User{84D0AB5C-C6F3-4617-8E2A-AE26D2844565}C:\program files\autodesk\showcase 2012\bin\showcase.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\showcase 2012\bin\showcase.exe | "UDP Query User{852487EF-53E5-4AD2-8853-721C9C43838F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{85367D61-0FD5-47FD-8158-C74977FE27E4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{8BD538FD-4357-4D2F-8BF3-91B5899808CF}C:\users\d4k!zz4\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\d4k!zz4\appdata\local\akamai\netsession_win.exe | "UDP Query User{92151565-B564-47A9-A504-34DA3EB62CF0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{99891304-B059-4670-B507-7A2FD4EE1926}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{A8A63487-38F9-4519-B24B-38A1ACC1A81B}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | "UDP Query User{B8C1518B-2964-40CC-ACEC-75185517C9C2}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{E15A52D7-359C-4736-BF04-472CF8790A9F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{EC2C7A66-7124-4057-A7AE-6A7874C4EF72}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{F86EE172-4E01-4291-8C50-53DE520D81A1}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove) "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1A4CC779-0B89-45A4-A9BA-A8E0AB26491F}" = 3Dconnexion Plug-In for Photoshop CS3 - CS4 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{222B1BC7-7C51-47AF-8602-7C70CAEA1BE6}" = 3Dconnexion Plug-In for 3ds Max v9 - 2010 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{321C5778-030D-40AC-84E0-9EF9E40CA43F}" = 3Dconnexion 3DxWare (x64) "{3E329006-9EB3-4979-A36B-BA04FB4EB70C}" = 3Dconnexion Add-In for Inventor 11 - 2010 "{4528FB2C-65B7-4B6E-87CD-D82CAA3529D3}" = RHINO Connect Software "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul Language Pack "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul "{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch "{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch "{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011 "{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content) "{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013 "{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013 "{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8BF20445-0010-1031-853B-F016F3127FCD}" = Autodesk Showcase 2012 64-bit - German "{8BF20445-58A5-4870-853B-F016F3127FCD}" = Autodesk Showcase 2012 64-bit - German "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "{9226D72B-4CF2-49A1-83C7-215C0148AF03}" = 3Dconnexion Plug-In for NX v3.0 - v7.0 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A4365F0A-5F69-4CC4-81B8-431DBBAF0AFE}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content) "{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D25FF5C1-1664-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2012 "{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013 "{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64) "{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013 "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch "Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013 "Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul" = Autodesk Inventor Fusion for Inventor 2012 Add-in "Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German) "Autodesk Showcase 2012 64-bit - German" = Autodesk Showcase 2012 64-bit - German "DVDFab 8 Retail zoo_is1" = DVDFab 8.0.6.8 (05/01/2011) "DWG TrueView 2011" = DWG TrueView 2011 "DWG TrueView 2013" = DWG TrueView 2013 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Shop for HP Supplies" = Shop for HP Supplies "SP6" = Logitech SetPoint 6.0 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013 "{1B33999E-D695-4268-B13A-00354345D5D2}" = Deutsche Post E-Porto "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = Sentinel HASP Run-time "{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012 "{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan "{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3E11734B-E252-449F-A082-64EE338722BB}}_is1" = miControl - mPLC 2.64dk "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{452A1FAC-F5A0-471E-B8AA-F2B0990E18D6}" = Auction Studio "{474B1607-2517-41DA-B7B4-F211236F9A9A}" = deskUNPDF 3 Professional "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 "{4E65DE4D-4019-4DA8-B2B7-9633C933E197}" = Plantville "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{5783F2D7-A029-0407-0002-0060B0CE6BBA}" = AutoCAD ecscad 2012 "{5783F2D7-A029-0407-1002-0060B0CE6BBA}" = AutoCAD ecscad 2012 Language Pack - Deutsch "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{8FD4B40F-A794-43D8-8506-10F69C7C6616}" = AbamSoft Finos "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{910D58E9-BB36-48CB-8557-7796B058CE24}" = AutoCAD ecscad 2012 "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CE16FDC-A16D-4C87-8284-05FD4537414B}" = Drive Assistant Ver.3.1 "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B132E67C-EEA5-492B-B368-543CD88D8569}" = AnyDVD Registration "{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition) "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C1ECB98D-1D38-4DBC-976C-457E6BE6EA2B}" = 3Dconnexion Plug-in for Acrobat 3D "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{CBE4F6C3-788E-4CAC-BA25-26FE39A3BC8C}" = Adobe Soundbooth CS5 "{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D3C43647-C6DF-4B35-A228-D366A1F0CA70}" = SolidWorks eDrawings 2011 "{D84CE958-2943-41C4-969C-750DD53569BF}_is1" = Anno 2070 Version v1.0 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DC2C11FB-0C44-4445-90E7-39D1237D86EC}" = AbamSoft Finos "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AnyDVD" = AnyDVD "Astra R-Nesting_is1" = Astra R-Nesting 5 Evaluation version "Auction Studio" = Auction Studio "AudioCS" = Creative-Audiokonsole "AutoCAD ecscad 2012" = AutoCAD ecscad 2012 "Autodesk Design Review 2013" = Autodesk Design Review 2013 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "CloneDVD2" = CloneDVD2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "Creative Software AutoUpdate" = Creative Software AutoUpdate "deskUNPDF 3 Professional" = deskUNPDF 3 Professional "Diablo III" = Diablo III "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EADM" = EA Download Manager "ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular-Update "eMule" = eMule "EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact "EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804 "Free YouTube Download_is1" = Free YouTube Download version 2.10.29 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.7.804 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "GoldWave v5.58" = GoldWave v5.58 "HyperSnap 6" = HyperSnap 6 "ImgBurn" = ImgBurn "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "JDownloader" = JDownloader "M3U-List Creator V1.3_is1" = M3U-List Creator V1.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion) "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "sPlan_70_is1" = sPlan 7.0 "ST6UNST #3" = CopyRite XP "TuneUp Utilities 2012" = TuneUp Utilities 2012 "UnderCoverXP_is1" = UnderCoverXP 1.23 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "World of Warcraft" = World of Warcraft "X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01 "X3TerranConflict_is1" = X3 Terran Conflict v3.1 "Xenofex2" = Alien Skin Xenofex 2 "Xilisoft Blu Ray Ripper" = Xilisoft Blu Ray Ripper "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 15 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 16 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 17 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 18 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 19 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 20 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 21 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 22 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 23 Error - 22.10.2011 04:19:48 | Computer Name = Windows7PC | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 24 [ System Events ] Error - 18.08.2012 14:36:24 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:41:23 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:41:23 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:41:23 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:43:30 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:43:30 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:43:30 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:48:30 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:48:30 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 18.08.2012 14:48:30 | Computer Name = Windows7PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > [/CODE] Edit: Malwarebates Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.18.06 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 D4K!ZZ4 :: WINDOWS7PC [Administrator] 18.08.2012 20:58:51 mbam-log-2012-08-18 (21-02-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233858 Laufzeit: 2 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Audio HD Driver (Backdoor.SpyNet) -> Daten: C:\Users\D4K!ZZ4\AppData\Roaming\PScZ5PLBzGTt.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\D4K!ZZ4\AppData\Local\Temp\install_0_msi.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt. C:\Users\D4K!ZZ4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. (Ende) Geändert von D4K!ZZ4 (18.08.2012 um 20:03 Uhr) |
19.08.2012, 18:02 | #2 |
/// Helfer-Team | GUV Trojaner entfernen von Windows7ProFixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL SRV - [2012.07.11 17:57:52 | 004,419,392 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\D4K!ZZ4\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.http: "77.123.63.113" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\D4K!ZZ4\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4:64bit: - Startup: C:\Windows\SysNative\GroupPolicy\Machine\Scripts\Shutdown\Backup.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Audio HD Driver = C:\Users\D4K!ZZ4\AppData\Roaming\PScZ5PLBzGTt.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - J:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{de12fd72-604e-11df-b4f2-0016e68520fa}\Shell - "" = AutoRun O33 - MountPoints2\{de12fd72-604e-11df-b4f2-0016e68520fa}\Shell\AutoRun\command - "" = I:\start.exe [2012.08.18 20:09:33 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.18 18:34:43 | 000,001,891 | ---- | M] () -- C:\Users\D4K!ZZ4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
20.08.2012, 22:32 | #3 |
| GUV Trojaner entfernen von Windows7Pro Hallo,
__________________vielen Dank schon mal bisher Hier der Inhalt des Logfiles. Code:
ATTFilter All processes killed ========== OTL ========== Service Akamai stopped successfully! Service Akamai deleted successfully! c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: true removed from browser.search.openintab Prefs.js: "YouTube-Videosuche" removed from browser.search.selectedEngine Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "hxxp://www.google.de/ig" removed from browser.startup.homepage Prefs.js: "file:///C:\\Users\\D4K!ZZ4\\AppData\\Local\\Temp\\proxtube.pac" removed from network.proxy.autoconfig_url Prefs.js: "77.123.63.113" removed from network.proxy.http Prefs.js: 3128 removed from network.proxy.http_port Prefs.js: 2 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found. File C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. C:\Users\D4K!ZZ4\AppData\Local\Akamai\netsession_win.exe moved successfully. C:\Windows\SysNative\GroupPolicy\Machine\Scripts\Shutdown\Backup.bat moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Audio HD Driver deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! J:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de12fd72-604e-11df-b4f2-0016e68520fa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de12fd72-604e-11df-b4f2-0016e68520fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de12fd72-604e-11df-b4f2-0016e68520fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de12fd72-604e-11df-b4f2-0016e68520fa}\ not found. File I:\start.exe not found. C:\ProgramData\ism_0_llatsni.pad moved successfully. C:\Users\D4K!ZZ4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\D4K!ZZ4\Desktop\cmd.bat deleted successfully. C:\Users\D4K!ZZ4\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: All Users User: AppData User: D4K!ZZ4 ->Temp folder emptied: 225317798 bytes ->Temporary Internet Files folder emptied: 90113382 bytes ->Java cache emptied: 28195323 bytes ->FireFox cache emptied: 67809032 bytes ->Apple Safari cache emptied: 23727104 bytes ->Flash cache emptied: 284602 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 128620135 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes RecycleBin emptied: 14752120841 bytes Total Files Cleaned = 14.607,00 mb OTL by OldTimer - Version 3.2.58.0 log created on 08202012_181911 |
20.08.2012, 22:48 | #4 |
/// Helfer-Team | GUV Trojaner entfernen von Windows7Pro Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
22.08.2012, 17:03 | #5 |
| GUV Trojaner entfernen von Windows7Pro Hi nochmal, funktioniert eigentlich wieder ganz gut so wies aussieht. Vielen Dank hierfür schonmal. hier das Log vom AdwCleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/22/2012 at 18:01:37 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : D4K!ZZ4 - WINDOWS7PC # Boot Mode : Normal # Running from : C:\Users\D4K!ZZ4\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\D4K!ZZ4\AppData\LocalLow\PriceGong Folder Found : C:\Program Files (x86)\DVDVideoSoftTB ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\DVDVideoSoftTB Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong [x64] Key Found : HKCU\Software\AppDataLow\Toolbar ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DE9056D-79DC-4DE9-A8F0-5BC112CE8DD0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [2074 octets] - [22/08/2012 18:01:37] ########## EOF - C:\AdwCleaner[R1].txt - [2202 octets] ########## |
22.08.2012, 17:31 | #6 |
/// Helfer-Team | GUV Trojaner entfernen von Windows7Pro Bitte das Malwarebytes Logfile posten! (Reiter Logberichte)
__________________ --> GUV Trojaner entfernen von Windows7Pro |
22.08.2012, 21:32 | #7 |
| GUV Trojaner entfernen von Windows7Pro Oh ganz vergessen, natürlich hier: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.18.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 D4K!ZZ4 :: WINDOWS7PC [Administrator] 21.08.2012 22:46:07 mbam-log-2012-08-22 (06-50-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 876634 Laufzeit: 3 Stunde(n), 5 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\D4K!ZZ4\Documents\ICQ\179214972\ReceivedFiles\348680733 Flogge\fff-ea95.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. (Ende) |
22.08.2012, 22:03 | #8 |
/// Helfer-Team | GUV Trojaner entfernen von Windows7Pro Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
23.08.2012, 23:07 | #9 |
| GUV Trojaner entfernen von Windows7Pro Hi, hier die neuen Logs. Vielen Dank schon mal. Grüße Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/23/2012 at 19:48:13 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : D4K!ZZ4 - WINDOWS7PC # Boot Mode : Normal # Running from : C:\Users\D4K!ZZ4\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\D4K!ZZ4\AppData\LocalLow\PriceGong Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DE9056D-79DC-4DE9-A8F0-5BC112CE8DD0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\prefs.js C:\Users\D4K!ZZ4\AppData\Roaming\Mozilla\Firefox\Profiles\13yvpel9.default\user.js ... Deleted ! [OK] File is clean. ************************* AdwCleaner[R1].txt - [2193 octets] - [22/08/2012 18:01:37] AdwCleaner[S1].txt - [1841 octets] - [23/08/2012 19:48:13] ########## EOF - C:\AdwCleaner[S1].txt - [1969 octets] ########## Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 23.08.2012 20:05:44 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\, J:\ Archiv Scan: An ADS Scan: An Scan Beginn: 23.08.2012 20:08:13 c:\casino gefunden: Trace.File.carnivalcasino!E1 c:\program files (x86)\etoro\ gefunden: Trace.File.etoro!E1 c:\casino\ gefunden: Trace.File.21novacasino!E1 Value: hkey_current_user\software\classes\eurogrand --> url protocol gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options_sounds gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options_dealervoiceset gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options-fullscreen gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options-volume gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options_xlslots gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options_music gefunden: Trace.Registry.eurogrand casino!E1 Value: hkey_current_user\software\eurogrand casino --> options_dealervoices gefunden: Trace.Registry.eurogrand casino!E1 Key: hkey_local_machine\software\etoro gefunden: Trace.Registry.etoro!E1 Key: hkey_current_user\software\etoro gefunden: Trace.Registry.etoro!E1 C:\Windows\KMSEmulator.exe gefunden: Riskware.ActivationTool.KMS!E2 C:\Windows\SysWOW64\zipfldra.dll gefunden: possible-Threat.Patch.AnyDVD!E2 C:\Windows\System32\zipfldra.dll gefunden: possible-Threat.Patch.AnyDVD!E2 C:\Windows\Installer\38fe1.msi gefunden: possible-Thread.Patch.AnyDVD!E2 C:\Users\D4K!ZZ4\Documents\Fox Killer v8.exe gefunden: possible-Threat.Crack.AnyDVD!E2 C:\Users\D4K!ZZ4\Desktop\Dropbox\Dropbox\Done Flogge\xf-a2012-64bits.rar -> xf-adesk2012x64.exe gefunden: not-a-virus.Keygen.Autodesk2012!E2 C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD Registration.msi gefunden: possible-Thread.Patch.AnyDVD!E2 E:\Downloads\Master Collection CS5.5\Keygen\adobemasterkeygen55.exe gefunden: Riskware.Keygen.Adobe!E2 E:\Downloads\Master Collection CS5.5\Adobe.Creative.Suite.5.5.Master.Collection.GERMAN-DZ-PLZ\Keygen\adobemasterkeygen55.exe gefunden: Riskware.Keygen.Adobe!E2 E:\Downloads\Microsoft.Visio.Premium.2010VL.GERMAN\mini-KMS_Activator_v1.053.exe gefunden: possible-Threat.Activator.MSOffice!E2 E:\Downloads\AuInvP2013.W64.DE-XFO\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\Autodesk 2013 Keygen.rar -> xf-invpro2013_x32.exe gefunden: possible-Threat.XForce!E2 E:\Downloads\AuInvP2013.W64.DE-XFO\Autodesk.Inventor.Pro.2013.WIN64.German-XFORCE\Keygen+Serial\Autodesk 2013 Keygen.rar -> xf-invpro2013_x64.exe gefunden: possible-Threat.XForce!E2 E:\Downloads\Adobe CS5.5\Keygen\adobemasterkeygen55.exe gefunden: Riskware.Keygen.Adobe!E2 J:\Program Files\WinRAR\Zip.SFX gefunden: Trojan-Spy.Win32.Delf!E1 Gescannt 1128069 Gefunden 27 Scan Ende: 23.08.2012 23:52:12 Scan Zeit: 3:43:59 |
24.08.2012, 00:04 | #10 |
/// Helfer-Team | GUV Trojaner entfernen von Windows7Pro Die Benutzung von Cracks und Keygens ist illegal und verstoesst gegen unseren Kodex. Schon mal darueber nachgedacht, warum es Cracks gibt? Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner. Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben. Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP 1. Datenrettung:
2. Formatieren, Windows neu instalieren:
3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. |
Themen zu GUV Trojaner entfernen von Windows7Pro |
7-zip, antivir, avira, backdoor.spynet, battle.net, bho, bonjour, conduit, converter, document, downloader, entfernen, error, firefox, flash player, format, google earth, helper, helper.exe, hängen, install.exe, install_0_msi.exe, jdownloader, langs, mozilla, mp3, nvidia update, object, officejet, plug-in, registry, remote control, rundll, scan, security, senden, software, svchost.exe, trojaner, visual studio, windows |