Pests of all kinds and how to fight them: Remove incredibar? Windows 7
13.09.2012, 14:24 | #1 |
Remove incredibar?

Hello everyone, unfortunately I too have fallen victim to incredibar (note to self: I will never again leave my girlfriend unattended at my laptop). I read a thread in which another user had the same problem. So I have already had adwcleaner run a scan; here is the log file:

Code:
    # AdwCleaner v2.001 - Datei am 09/13/2012 um 15:22:04 erstellt
    # Aktualisiert am 09/09/2012 von Xplode
    # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Benutzer : * - *
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\*\Desktop\adwcleaner.exe
    # Option [Suche]
    **** [Dienste] ****
    ***** [Dateien / Ordner] *****
    ***** [Registrierungsdatenbank] *****
    ***** [Internet Browser] *****
    -\\ Internet Explorer v8.0.7601.17514
    [OK] Die Registrierungsdatenbank ist sauber.
    -\\ Mozilla Firefox v15.0.1 (de)
    Profilname : default
    Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\8vo2kksq.default\prefs.js
    Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6PQFa1KfEy&loc=FF_NT");
    *************************
    AdwCleaner[R1].txt - [19585 octets] - [13/09/2012 15:00:17]
    AdwCleaner[S1].txt - [19425 octets] - [13/09/2012 15:01:04]
    AdwCleaner[R2].txt - [967 octets] - [13/09/2012 15:22:04]
    ########## EOF - C:\AdwCleaner[R2].txt - [1026 octets] ##########

Sorry, I forgot that, and here is also the log file from Malwarebytes Antimalware:

Code:
    Malwarebytes Anti-Malware (Test) 1.65.0.1400
    www.malwarebytes.org
    Datenbank Version: v2012.09.13.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    * :: * [limitiert]
    Schutz: Aktiviert
    13.09.2012 15:54:53
    mbam-log-2012-09-13 (15-54-53).txt
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 366537
    Laufzeit: 2 Stunde(n), 3 Minute(n), 55 Sekunde(n)
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 0
    (Keine bösartigen Objekte gefunden)
    (Ende)

Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=1b4350d425b12a4b86c30ba07f754f35
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-09-14 11:01:50
    # local_time=2012-09-14 01:01:50 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1792 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 0 99240437 0 0
    # compatibility_mode=8192 67108863 100 0 191 191 0 0
    # scanned=182030
    # found=11
    # cleaned=0
    # scan_time=9923
    C:\Users\*\AppData\Local\Temp\53e83dd5315bfb1f928441c9b4618b68.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\AppData\Local\Temp\DTLite4453-0297.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\AppData\Local\Temp\DTLite4454-0315.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\AppData\Local\Temp\{09E950AA-7DEB-4EED-B9E6-FE8A9B56BF64}\{7644E42D-B096-457F-8B5B-901238FC81AE}\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\AppData\Local\Temp\{B803AB8B-039C-4E96-B3E5-8E70B3A5CF6C}\{7644E42D-B096-457F-8B5B-901238FC81AE}\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\AppData\Local\Temp\{C907D8B6-26A8-4130-9F1A-3D249388BCA1}\{7644E42D-B096-457F-8B5B-901238FC81AE}\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\Desktop\krims\Age of Empires 2 Windows 7 Patch\Aoe2wide.zip Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\Desktop\krims\Age of Empires 2 Windows 7 Patch\AoE2WideSetup.msi Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\*\Downloads\videora-ipod-600-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    D:\*\Desktop\DriverSweeper_3.1.0.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
    D:\*\Desktop\DriverSweeper_3.1.0.exe.part Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

OTL Logfile:

Code:
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.09.14 09:38:40 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys [2012.09.14 09:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.09.13 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 15:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.13 15:49:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\malware (3).exe [2012.09.13 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BA1FD8C4-17B0-4503-9F27-634B0EFE0A52} [2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.12 11:26:29 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe [2012.09.12 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E9EDE448-3830-436F-B1C6-E602769228A9} [2012.09.12 02:01:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 02:01:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 02:01:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 02:01:41 | 000,288,624 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router [2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router [2012.08.28 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Chris_Pietschmann_(http__ [2012.08.28 21:08:41 | 000,000,000 | ---D | C] -- C:\UserData [2012.08.28 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB [2012.08.27 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Zeon [2012.08.26 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\FLEXnet [2012.08.22 13:54:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Nuance [2012.08.22 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.08.22 13:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.08.22 13:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 7 [2012.08.22 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN [2012.08.22 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2012.08.22 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon [2012.08.22 13:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.08.16 06:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.08.16 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{463A350C-1AC3-4D0C-B327-87FCBAC00764} [2012.08.16 06:53:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5A722665-B236-4EC4-8411-393767937BAA} [2012.08.15 10:17:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:17:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\splwow64.exe [2012.08.15 10:17:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:17:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:17:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 10:17:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.08.15 10:17:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:17:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:17:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.08.15 10:17:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 10:17:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 10:17:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 10:17:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 10:17:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 10:17:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 10:16:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.14 09:17:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3FECEA40-17D1-4B9A-8152-C2612C40CF75} [2012.08.14 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{79D0E910-6A90-4CCD-9FCD-67D13AF3B8EB} [2012.08.12 07:38:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{DB5C4CB0-A938-415E-A4A3-7C5D065675D6} [2012.08.11 19:37:56 | 000,000,000 | ---D | 
C] -- C:\Users\*\AppData\Local\{1D0B88CF-2B7B-4B24-9C3C-DC67265A890D} [2012.08.11 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FB8DE1CE-92D2-4DD5-A855-5E66ABDD6CA9} [2012.08.04 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E87E9169-9EDE-4DC6-8CCC-CC2D8277F5BB} [2012.08.03 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F9353D21-C635-43D7-BA10-4ED51AE80AAF} [2012.08.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{AF06A3C4-F55C-4F7E-A40A-35057035A76B} [2012.08.02 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B6C7207D-8B92-4901-8456-E232835A4911} [2012.08.02 10:07:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{93E5EF85-06A7-4FF7-BA79-360671AF956A} [2012.08.01 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TuneUp Software [2012.08.01 07:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.08.01 07:12:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.08.01 07:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.08.01 07:11:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoft [2012.07.31 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F68C03EF-C01D-4B56-932E-A6F7BDB6AC0F} [2012.07.31 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FBB03146-993C-4042-A546-0ABBC75F7D1D} [2012.07.31 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.07.29 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia [2012.07.29 17:29:36 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.29 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8128FB8D-D4D9-4138-9FCF-456F939A63D9} [2012.07.29 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6EDB73E5-39A2-4EDE-B8BD-4B0110D6D715} [2012.07.29 15:33:46 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.07.29 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.07.29 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2012.09.14 13:17:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2012.09.14 12:44:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.14 10:12:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe [2012.09.14 09:42:46 | 002,373,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.14 09:42:46 | 001,160,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.14 09:42:46 | 000,686,066 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.14 09:42:46 | 000,605,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.14 09:42:46 | 000,006,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.14 09:38:35 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.09.13 15:51:17 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.13 15:50:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\malware (3).exe [2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.13 15:03:13 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.09.13 15:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.13 15:02:29 | 3219,513,344 | -HS- | M] () -- 
C:\hiberfil.sys [2012.09.13 15:02:28 | 000,084,165 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.09.13 14:59:31 | 000,512,399 | ---- | M] () -- C:\Users\*\Desktop\malware (2).exe [2012.09.13 11:24:14 | 009,081,315 | ---- | M] () -- C:\Users\*\Desktop\malware (1).mp3 [2012.09.12 11:26:56 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe [2012.09.12 11:10:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.09.12 11:10:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.08 13:15:45 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.28 20:51:01 | 001,059,840 | ---- | M] () -- C:\Users\*\Desktop\malware (1).msi [2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.22 13:54:24 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk [2012.08.16 06:54:18 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.08.16 03:22:06 | 000,416,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.13 11:34:14 | 000,036,862 | ---- | M] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg [2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.08.01 07:12:42 | 000,000,009 | ---- | M] () -- C:\END [2012.07.29 15:33:46 | 000,001,572 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files 
Created - No Company Name ========== [2012.09.14 09:38:27 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.09.13 15:51:17 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.13 14:59:22 | 000,512,399 | ---- | C] () -- C:\Users\*\Desktop\malware (2).exe [2012.09.13 11:22:28 | 009,081,315 | ---- | C] () -- C:\Users\*\Desktop\malware (1).mp3 [2012.09.12 11:29:23 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.08 13:15:45 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2012.08.28 21:08:41 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml [2012.08.28 20:50:48 | 001,059,840 | ---- | C] () -- C:\Users\*\Desktop\malware (1).msi [2012.08.22 13:54:24 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk [2012.08.16 06:54:18 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.08.13 11:34:13 | 000,036,862 | ---- | C] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg [2012.08.01 07:12:41 | 000,000,009 | ---- | C] () -- C:\END [2012.07.29 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 15:33:46 | 000,001,572 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.05.01 11:59:36 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe [2012.04.22 11:44:54 | 001,604,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- 
C:\Windows\SysWow64\atipblag.dat [2011.09.09 00:00:58 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat [2011.09.09 00:00:49 | 000,001,241 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat [2011.09.09 00:00:40 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat [2011.09.09 00:00:23 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat [2011.09.09 00:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat [2011.09.08 23:59:51 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat [2011.09.08 23:59:35 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat [2011.09.08 23:59:17 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat [2011.09.08 23:56:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat [2011.09.08 23:55:09 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2011.09.08 23:55:04 | 000,513,200 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011.09.08 23:55:04 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011.07.31 19:38:07 | 000,000,977 | ---- | C] () -- C:\Windows\eReg.dat [2011.07.31 18:11:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.07.30 17:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.05.19 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ASCON Installer [2012.07.29 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BOM [2012.08.16 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite [2012.08.02 
13:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.08.30 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\HD Tune Pro
[2012.09.06 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2012.08.27 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nuance
[2011.11.06 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\redsn0w
[2012.05.13 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony
[2011.08.28 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2011.09.17 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall
[2011.07.31 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client
[2012.08.01 07:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.27 08:46:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeon
[2009.07.14 07:08:49 | 000,021,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 14.09.2012 13:20:06 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,18% Memory free
7,99 Gb Paging File | 5,79 Gb Available in Paging File | 72,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 22,01 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 75,02 Gb Free Space | 37,13% Space Free | Partition Type: NTFS

Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EDA83B0-27FA-432D-BC55-A5E3F6624E89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{11C2953C-8A09-4752-ABC3-DFF2F67AC620}" = rport=137 | protocol=17 | dir=out | app=system | "{142BD99D-EEA4-488D-B1EF-993DE5037FBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1AB28611-F8C8-43B1-8BC5-AEEA4B48D81F}" = rport=138 | protocol=17 | dir=out | app=system | "{1E8F0BD9-8BFD-42CC-80F1-8B7A425A5A03}" = lport=139 | protocol=6 | dir=in | app=system | "{21B7DB3B-1294-4962-94B5-DBB035B98F10}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2E83DBF8-7AAA-43C2-A5E1-385953B3DE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{32B8D5C5-B0E6-40FF-9615-55BD4FBC4A95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39F90102-78D5-4CA3-A9E8-D5637089880B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{592D1880-9092-46E6-9D55-FD8768BD5E2D}" = lport=137 | protocol=17 | dir=in | app=system | "{63E37F15-8F55-4C7F-917B-83DD52396C0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{641B1646-02C8-4B4A-8404-C8F0E7A6E1C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{77A4B856-3874-40F0-B0F9-77C4E608B4A3}" = lport=445 | protocol=6 | dir=in | app=system | "{78F1B588-6447-468B-8C4F-2A1F367AE9BF}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe | "{7CCE254C-C526-4D09-815A-28C219BD2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{839F8424-C177-458D-AE0C-7F8E48CC02E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85D535D4-552A-42C1-A80B-DF825F4526DD}" = lport=10243 | protocol=6 | dir=in | app=system | "{9402DE2B-AF9A-410B-85AB-58798DD82F31}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AD7C0946-47EC-4CB8-8837-DDD8C3D458EB}" = rport=2869 | protocol=6 | dir=out | app=system | "{AF0E0674-CB7D-4DB1-98D6-5B886DD506E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7A388F0-64B0-4321-B5EE-C4D903B25C82}" = lport=2869 | protocol=6 | dir=in | app=system | "{BB6AAB5D-39B0-4887-9EE6-27C6E018CE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB9A8162-5BBB-4267-81A3-CF0F66887C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C61E4086-4B74-4955-9AE1-497BAC9A3479}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DA565AB0-7B60-4562-8516-594349DE98D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF8F2213-AEDD-4676-B365-BAC7A8DCA73A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E11849E7-1823-4612-98CC-BAB229565FE6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E6629363-C61B-4193-9F5F-089A676FA7A3}" = rport=10243 | protocol=6 | dir=out | app=system | "{F28DB96F-3DFC-4588-91EF-688B98A48BB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F627736A-9C07-4E74-B7A4-B933102C72CC}" = rport=139 | protocol=6 | dir=out | app=system | "{FA2BE645-E9CB-404D-947C-216FDD55352D}" = lport=138 | protocol=17 | dir=in | app=system | "{FFF1CF93-F39A-4493-8FE4-205057936DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00335AD6-9D52-422F-BB4A-4EDACA2EBD94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{01C67AC3-DA4A-427A-AA33-63691E6B2A21}" = protocol=58 | 
dir=out | name=@firewallapi.dll,-28546 | "{0283E26D-0198-43BB-ADF7-3D2824DAB2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{04BE022C-00E8-4917-B65B-0FDE163AEEAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{06414655-B036-4C2C-89AF-ED94410E8128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{093B7FDE-52ED-4F8E-A47D-64433859B5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{16A3165C-21B9-415C-8BB1-58A8FE9D7CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | "{279F2BE1-C74D-4258-BB01-C2CC18D93E69}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{2AE1BFEE-E110-4F50-BCF3-4DDB6E90E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{34FC590E-6696-46C0-A88C-69154452F74E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{36FC5ED4-EC32-4A9A-88AB-23C13B75249C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{37CD80CF-639D-4A94-98A2-CC327BD7DA89}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{3A7EC22D-4AF7-4FB1-BB80-6187FD3C61C7}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | "{51A1807D-81C2-49E1-8C2D-EFEB5A171A3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5AD1A7F5-9E7D-4C66-86C3-60D0930C5C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5D67BD0C-7324-4CD0-8E79-89FE4855E038}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6178BA41-7D8D-4D7E-ADA6-090CAA6A1B70}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | "{672051A8-4011-48F2-8F4B-290FB7F10CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{682953B7-AE56-4E25-BF71-1E67E43C65B8}" = 
protocol=17 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe | "{704F7AE3-9138-42E4-8C2C-E120C852B9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{73E0BB44-3A36-46E7-8CCC-56E98EC1370E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{766008AF-E49C-4DC8-964E-553EBA32C59C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{787D0C2A-2943-44B6-8194-55B21438E82B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79B494BD-05F4-4078-B23E-7F8BB7F3B930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BB14A4F-EDC1-42CC-8F9F-C3B9E9584960}" = protocol=6 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe | "{7F875149-9A43-483E-B98F-2645755B1266}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | "{876E6A99-2FCA-47C5-8BBE-EDB591DEE538}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{896C4C03-8AD8-496E-8DF0-19E403DA1E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8AFB2DAA-E1E9-4E7A-B618-6E828817427F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8CCD9234-F593-41C2-B1B4-B2B7773D0212}" = protocol=6 | dir=out | app=system | "{8E0B24AC-A7DD-4E7A-9217-58CA3AA2D1BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E214F9F-23CB-4E24-AE02-73C4AEE997C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{903A6FAE-1D4A-45A4-92C8-325F579E3FEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{90C263B9-6C45-4CDB-B033-7AC002DA29AE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe | "{9EA99183-507A-4152-AD62-F96F9DDF1DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A01770D8-4147-45AB-9DFD-33857FF2D698}" = protocol=6 | dir=in | app=c:\program files 
(x86)\teamviewer\version7\teamviewer_service.exe | "{A61CC20E-270F-441F-8486-8376F4E49754}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | "{A7CDCAD7-9205-4655-893E-F55B954E0716}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{AE9544A0-ACB0-4873-A798-EA1B319C96FB}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{B072EF32-2E13-4326-B0C8-FDF8C8382D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B34D98D1-FC6B-4441-A622-D6506A4717AC}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe | "{C586B53B-B964-4113-94A2-7C4DF96F9ED8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C7BC6012-DFE4-44C3-A488-B8D00331F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{CC3A49F6-31DE-46DF-B05D-31F78321905B}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | "{CF6399B2-620C-45C1-9F36-E376C23F7EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D11951E6-C703-4FC7-B327-C0C1753B4E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D9F80F44-7349-4EA1-96C5-01D5E954F865}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{E28D0E79-C552-411F-9DD8-77D92F3DF39E}" = protocol=58 | dir=in | app=system | "{EA77DC6E-939A-4BB3-B362-62C3EAEEBB88}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{EE7AAC3A-6060-4B2F-9EDD-2DCCEF3EA97B}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{FAE5915E-A1F0-4FF7-9085-75484590B986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FDF3374F-6ED2-42B8-8903-4D16DDE3FBB2}" = protocol=6 | dir=in | app=c:\program 
files (x86)\easy downloads\easydl.exe | "TCP Query User{36910637-98BE-47F9-BC8A-4410B057F05C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{4240073D-316F-4C7F-9986-9BFA276588E9}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat | "TCP Query User{5C08ED59-AC5B-41CB-AE82-5E7EC50DC078}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{BCCB8D2C-E2C9-4696-90ED-BC6AD76E0C7D}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{11E37A08-E842-4D80-A226-795D76C3A086}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{17FF11C0-2014-4D2F-87BA-C02C7577A481}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{3C6FCD97-55B6-4B6D-90EF-25611139CD6C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{427D142D-94DB-4C38-B378-D08F73C27ED5}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack 
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1934BCF7-A63A-4C1F-809D-2B33C8F03B8F}" = O&O PartitionManager Professional "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64 "{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}" = Nuance PDF Converter Professional 7 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU 
Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian "{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai 
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050 "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - 
Deutsch "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek "{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11 "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = 
AviSynth 2.5 "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec "dBpoweramp m4a Codec" = dBpoweramp m4a Codec "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec "dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec "dBpoweramp Music Converter" = dBpoweramp Music Converter "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec "dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec "ESET Online Scanner" = ESET Online Scanner v3 "FLAC To MP3_is1" = FLAC To MP3 V4.0.4 "HD Tune Pro_is1" = HD Tune Pro 4.61 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Update Engine" = Sony Ericsson Update Engine "Videora iPod Converter" = Videora iPod Converter 6 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.09.2012 03:37:18 | Computer Name = * | Source = RasClient | ID = 20227 Description = Error - 14.09.2012 03:37:30 | Computer Name = * | Source = RasClient | ID = 20227 Description = Error - 14.09.2012 03:39:25 | Computer Name = * | Source = 
SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Program Files (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.09.2012 03:39:25 | Computer Name = * | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Program Files (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.09.2012 03:42:43 | Computer Name = * | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 14.09.2012 03:42:43 | Computer Name = * | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error - 14.09.2012 03:42:43 | Computer Name = * | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 14.09.2012 04:12:56 | Computer Name = * | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 14.09.2012 04:12:57 | Computer Name = * | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 14.09.2012 04:13:01 | Computer Name = * | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 13.09.2012 14:28:39 | Computer Name = * | Source = ipnathlp | ID = 31004 Description = Error - 14.09.2012 03:38:49 | Computer Name = * | Source = Service Control Manager | ID = 7030 Description = Der Dienst "UI Assistant Service" ist als interaktiver Dienst gekennzeichnet. 
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 14.09.2012 03:41:14 | Computer Name = Lappy | Source = ipnathlp | ID = 31004 Description = < End of report > |
16.09.2012, 07:33 | #2 |
/// the machine /// TB trainer | Remove incredibar? Hi,
Sorry for the delay. Do you still need help? |
16.09.2012, 08:13 | #3 |
| Remove incredibar? Morning,
No problem, I guess I'm not the only one with a little ailment. Yes, I still need help. I clicked "Löschen" (Delete) in adwcleaner, but that brought no improvement. My specific problem is that in Firefox the start page for new tabs keeps getting reset to incredibar. I hope there is a rescue for me |
16.09.2012, 08:27 | #4 |
/// the machine /// TB trainer | Remove incredibar? OK. Please post a new OTL logfile, then we will take care of it.
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
16.09.2012, 09:16 | #5 |
| Remove incredibar? Many thanks. Here are the goods: OTL logfile: Code:
ATTFilter OTL logfile created on: 16.09.2012 09:49:03 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,46% Memory free 7,99 Gb Paging File | 5,59 Gb Available in Paging File | 69,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 95,92 Gb Total Space | 21,66 Gb Free Space | 22,58% Space Free | Partition Type: NTFS Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS Computer Name: * | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.) PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - d:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe () PRC - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe () PRC - d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () PRC - d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) PRC - D:\Program Files\Folding@Home\FahCore_a4.exe () PRC - D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISetting.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISms.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIPhoneBook.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIConnectRecord.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIMms.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIUssd.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIStk.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll () MOD - d:\Program Files 
(x86)\1&1 Surf-Stick\Component\BIConfig.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (UI Assistant Service) -- d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com)) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Folding@home-CPU-[1]) -- D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) 
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys () DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.de/ IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 78 07 DD CA 4E CC 01 [binary data] IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== 
FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.12 11:29:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 17:58:31 | 000,000,000 | ---D | M] [2012.07.24 16:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2012.09.14 15:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions [2012.08.16 06:55:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.05.21 15:45:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\ich@maltegoetz.de [2012.09.14 15:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\staged [2012.08.01 07:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions [2012.08.01 07:12:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.27 08:31:23 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8VO2KKSQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2012.08.22 13:54:18 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- D:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX O1 HOSTS File: ([2012.01.15 20:00:20 | 
000,000,878 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [FILSHtray] d:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH) O4 - HKLM..\Run: [HD Tune Pro] D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PDF7 Registry Controller] D:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [UIExec] d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ICQ] d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft 
Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.) O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24764378-0C4A-436A-AC70-FD84A931BC07}: NameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F90062A-0C59-4146-8AE6-8C198C4CD8FD}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCD6DDD-3DB9-4E91-A51C-2421A157DEDF}: DhcpNameServer = 212.23.115.132 212.23.115.148 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - 
HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxdiag\command - "" = F:\goodies\ar40deu.exe O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\machine\command - "" = F:\goodies\machine\machine.exe O33 - 
MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\setup\command - "" = F:\aoesetup.exe /autorun O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\zone\command - "" = F:\goodies\mszone\zonea600.exe O33 - MountPoints2\{23223ebe-860c-11e1-bbb9-485b399c3e6e}\Shell - "" = AutoRun O33 - MountPoints2\{23223ebe-860c-11e1-bbb9-485b399c3e6e}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{28bace54-babc-11e0-a37d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{28bace54-babc-11e0-a37d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (6)\*) O34 - HKLM BootExecute: (O\*) O34 - HKLM BootExecute: (OOD) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.09.14 13:17:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2012.09.14 10:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.14 10:12:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.09.14 
09:38:40 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys [2012.09.14 09:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.09.13 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 15:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.13 15:49:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\malware (3).exe [2012.09.13 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BA1FD8C4-17B0-4503-9F27-634B0EFE0A52} [2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.12 11:26:29 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe [2012.09.12 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E9EDE448-3830-436F-B1C6-E602769228A9} [2012.09.12 02:01:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 02:01:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 02:01:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 02:01:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router [2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router [2012.08.28 21:10:38 | 000,000,000 | ---D | C] -- 
C:\Users\*\AppData\Local\Chris_Pietschmann_(http__ [2012.08.28 21:08:41 | 000,000,000 | ---D | C] -- C:\UserData [2012.08.28 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB [2012.08.27 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Zeon [2012.08.26 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\FLEXnet [2012.08.22 13:54:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Nuance [2012.08.22 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.08.22 13:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.08.22 13:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 7 [2012.08.22 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN [2012.08.22 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2012.08.22 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon [2012.08.22 13:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.08.16 06:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.08.16 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{463A350C-1AC3-4D0C-B327-87FCBAC00764} [2012.08.16 06:53:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5A722665-B236-4EC4-8411-393767937BAA} [2012.08.15 10:17:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:17:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:17:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:17:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:17:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\jscript.dll
[2012.08.15 10:17:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 10:17:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 10:17:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 10:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 10:17:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 10:17:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 10:17:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 10:17:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 10:17:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 10:17:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 10:17:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 10:16:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 09:17:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3FECEA40-17D1-4B9A-8152-C2612C40CF75}
[2012.08.14 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{79D0E910-6A90-4CCD-9FCD-67D13AF3B8EB}
[2012.08.12 07:38:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{DB5C4CB0-A938-415E-A4A3-7C5D065675D6}
[2012.08.11 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D0B88CF-2B7B-4B24-9C3C-DC67265A890D}
[2012.08.11 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FB8DE1CE-92D2-4DD5-A855-5E66ABDD6CA9}
[2012.08.04 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E87E9169-9EDE-4DC6-8CCC-CC2D8277F5BB}
[2012.08.03 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F9353D21-C635-43D7-BA10-4ED51AE80AAF}
[2012.08.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{AF06A3C4-F55C-4F7E-A40A-35057035A76B}
[2012.08.02 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B6C7207D-8B92-4901-8456-E232835A4911}
[2012.08.02 10:07:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{93E5EF85-06A7-4FF7-BA79-360671AF956A}
[2012.08.01 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.01 07:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.01 07:12:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.01 07:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.01 07:11:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2012.07.31 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F68C03EF-C01D-4B56-932E-A6F7BDB6AC0F}
[2012.07.31 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FBB03146-993C-4042-A546-0ABBC75F7D1D}
[2012.07.31 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.29 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2012.07.29 17:29:36 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8128FB8D-D4D9-4138-9FCF-456F939A63D9}
[2012.07.29 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6EDB73E5-39A2-4EDE-B8BD-4B0110D6D715}
[2012.07.29 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.29 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.29 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.28 12:59:27 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\ Spiele
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012.09.16 09:47:27 | 002,417,808 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 09:47:27 | 001,174,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 09:47:27 | 000,700,274 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 09:47:27 | 000,618,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 09:47:27 | 000,006,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 09:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.14 13:17:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 10:12:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:38:35 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.13 15:50:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 15:03:13 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.13 15:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 15:02:29 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 15:02:28 | 000,084,165 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.09.13 14:59:31 | 000,512,399 | ---- | M] () -- C:\Users\*\Desktop\adwcleaner.exe
[2012.09.13 11:24:14 | 009,081,315 | ---- | M] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:26:56 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 11:10:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.12 11:10:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.08 13:15:45 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 20:51:01 | 001,059,840 | ---- | M] () -- C:\Users\*\Desktop\virtualrouter.msi
[2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.22 13:54:24 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.16 03:22:06 | 000,416,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 11:34:14 | 000,036,862 | ---- | M] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.08.01 07:12:42 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.29 15:33:46 | 000,001,572 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.28 13:12:20 | 003,910,192 | ---- | M] () -- C:\Users\*\Desktop\des 0.9.7.zip
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.14 09:38:27 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.13 14:59:22 | 000,512,399 | ---- | C] () -- C:\Users\*\Desktop\adwcleaner.exe
[2012.09.13 11:22:28 | 009,081,315 | ---- | C] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:29:23 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.08 13:15:45 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.03 19:42:50 | 000,095,872 | ---- | C] () -- C:\Users\*\Desktop\schneller Kotzer.3gp
[2012.08.28 21:08:41 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.08.28 20:50:48 | 001,059,840 | ---- | C] () -- C:\Users\*\Desktop\virtualrouter.msi
[2012.08.26 11:16:13 | 000,096,625 | ---- | C] () -- C:\Users\*\Desktop\Harter Stoff.3gp
[2012.08.26 11:16:13 | 000,045,596 | ---- | C] () -- C:\Users\*\Desktop\Fast gekotzt.3gp
[2012.08.22 13:54:24 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.13 11:34:13 | 000,036,862 | ---- | C] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.01 07:12:41 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.29 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:33:46 | 000,001,572 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.28 13:12:20 | 003,910,192 | ---- | C] () -- C:\Users\*\Desktop\des 0.9.7.zip
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.05.01 11:59:36 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe
[2012.04.22 11:44:54 | 001,604,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 00:00:58 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2011.09.09 00:00:49 | 000,001,241 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011.09.09 00:00:40 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011.09.09 00:00:23 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011.09.09 00:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011.09.08 23:59:51 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011.09.08 23:59:35 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011.09.08 23:59:17 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011.09.08 23:56:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011.09.08 23:55:09 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.09.08 23:55:04 | 000,513,200 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.09.08 23:55:04 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.07.31 19:38:07 | 000,000,977 | ---- | C] () -- C:\Windows\eReg.dat
[2011.07.31 18:11:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.07.30 17:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012.05.19 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ASCON Installer
[2012.07.29 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BOM
[2012.08.16 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2012.08.02 13:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.08.30 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\HD Tune Pro
[2012.09.06 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2012.08.27 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nuance
[2011.11.06 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\redsn0w
[2012.05.13 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony
[2011.08.28 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2011.09.17 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall
[2011.07.31 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client
[2012.08.01 07:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.27 08:46:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeon
[2009.07.14 07:08:49 | 000,021,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 16.09.2012 09:49:03 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,46% Memory free
7,99 Gb Paging File | 5,59 Gb Available in Paging File | 69,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 21,66 Gb Free Space | 22,58% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDA83B0-27FA-432D-BC55-A5E3F6624E89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11C2953C-8A09-4752-ABC3-DFF2F67AC620}" = rport=137 | protocol=17 | dir=out | app=system |
"{142BD99D-EEA4-488D-B1EF-993DE5037FBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1AB28611-F8C8-43B1-8BC5-AEEA4B48D81F}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E8F0BD9-8BFD-42CC-80F1-8B7A425A5A03}" = lport=139 | protocol=6 | dir=in | app=system |
"{21B7DB3B-1294-4962-94B5-DBB035B98F10}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E83DBF8-7AAA-43C2-A5E1-385953B3DE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32B8D5C5-B0E6-40FF-9615-55BD4FBC4A95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{39F90102-78D5-4CA3-A9E8-D5637089880B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{592D1880-9092-46E6-9D55-FD8768BD5E2D}" = lport=137 | protocol=17 | dir=in | app=system |
"{63E37F15-8F55-4C7F-917B-83DD52396C0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{641B1646-02C8-4B4A-8404-C8F0E7A6E1C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77A4B856-3874-40F0-B0F9-77C4E608B4A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{78F1B588-6447-468B-8C4F-2A1F367AE9BF}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe |
"{7CCE254C-C526-4D09-815A-28C219BD2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{839F8424-C177-458D-AE0C-7F8E48CC02E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85D535D4-552A-42C1-A80B-DF825F4526DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9402DE2B-AF9A-410B-85AB-58798DD82F31}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD7C0946-47EC-4CB8-8837-DDD8C3D458EB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AF0E0674-CB7D-4DB1-98D6-5B886DD506E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7A388F0-64B0-4321-B5EE-C4D903B25C82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB6AAB5D-39B0-4887-9EE6-27C6E018CE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB9A8162-5BBB-4267-81A3-CF0F66887C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C61E4086-4B74-4955-9AE1-497BAC9A3479}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DA565AB0-7B60-4562-8516-594349DE98D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF8F2213-AEDD-4676-B365-BAC7A8DCA73A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E11849E7-1823-4612-98CC-BAB229565FE6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6629363-C61B-4193-9F5F-089A676FA7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F28DB96F-3DFC-4588-91EF-688B98A48BB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F627736A-9C07-4E74-B7A4-B933102C72CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA2BE645-E9CB-404D-947C-216FDD55352D}" = lport=138 | protocol=17 | dir=in | app=system |
"{FFF1CF93-F39A-4493-8FE4-205057936DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00335AD6-9D52-422F-BB4A-4EDACA2EBD94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{01C67AC3-DA4A-427A-AA33-63691E6B2A21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0283E26D-0198-43BB-ADF7-3D2824DAB2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{04BE022C-00E8-4917-B65B-0FDE163AEEAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{06414655-B036-4C2C-89AF-ED94410E8128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{093B7FDE-52ED-4F8E-A47D-64433859B5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16A3165C-21B9-415C-8BB1-58A8FE9D7CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{279F2BE1-C74D-4258-BB01-C2CC18D93E69}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{2AE1BFEE-E110-4F50-BCF3-4DDB6E90E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{34FC590E-6696-46C0-A88C-69154452F74E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{36FC5ED4-EC32-4A9A-88AB-23C13B75249C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CD80CF-639D-4A94-98A2-CC327BD7DA89}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3A7EC22D-4AF7-4FB1-BB80-6187FD3C61C7}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{51A1807D-81C2-49E1-8C2D-EFEB5A171A3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AD1A7F5-9E7D-4C66-86C3-60D0930C5C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D67BD0C-7324-4CD0-8E79-89FE4855E038}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6178BA41-7D8D-4D7E-ADA6-090CAA6A1B70}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{672051A8-4011-48F2-8F4B-290FB7F10CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{682953B7-AE56-4E25-BF71-1E67E43C65B8}" = protocol=17 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{704F7AE3-9138-42E4-8C2C-E120C852B9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73E0BB44-3A36-46E7-8CCC-56E98EC1370E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{766008AF-E49C-4DC8-964E-553EBA32C59C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{787D0C2A-2943-44B6-8194-55B21438E82B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79B494BD-05F4-4078-B23E-7F8BB7F3B930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BB14A4F-EDC1-42CC-8F9F-C3B9E9584960}" = protocol=6 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{7F875149-9A43-483E-B98F-2645755B1266}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{896C4C03-8AD8-496E-8DF0-19E403DA1E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFB2DAA-E1E9-4E7A-B618-6E828817427F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CCD9234-F593-41C2-B1B4-B2B7773D0212}" = protocol=6 | dir=out | app=system |
"{8E0B24AC-A7DD-4E7A-9217-58CA3AA2D1BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E214F9F-23CB-4E24-AE02-73C4AEE997C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{903A6FAE-1D4A-45A4-92C8-325F579E3FEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90C263B9-6C45-4CDB-B033-7AC002DA29AE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{9EA99183-507A-4152-AD62-F96F9DDF1DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A01770D8-4147-45AB-9DFD-33857FF2D698}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A61CC20E-270F-441F-8486-8376F4E49754}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{A7CDCAD7-9205-4655-893E-F55B954E0716}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AE9544A0-ACB0-4873-A798-EA1B319C96FB}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{B072EF32-2E13-4326-B0C8-FDF8C8382D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B34D98D1-FC6B-4441-A622-D6506A4717AC}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{C586B53B-B964-4113-94A2-7C4DF96F9ED8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C7BC6012-DFE4-44C3-A488-B8D00331F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{CC3A49F6-31DE-46DF-B05D-31F78321905B}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{CF6399B2-620C-45C1-9F36-E376C23F7EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D11951E6-C703-4FC7-B327-C0C1753B4E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F80F44-7349-4EA1-96C5-01D5E954F865}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{EA77DC6E-939A-4BB3-B362-62C3EAEEBB88}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EE7AAC3A-6060-4B2F-9EDD-2DCCEF3EA97B}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{F96E646B-58AC-42D8-BE93-08924E0A60F7}" = protocol=58 | dir=in | app=system |
"{FAE5915E-A1F0-4FF7-9085-75484590B986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDF3374F-6ED2-42B8-8903-4D16DDE3FBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{FDFE809D-7953-4A42-A01D-3D243CE0D4D0}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"TCP Query User{36910637-98BE-47F9-BC8A-4410B057F05C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4240073D-316F-4C7F-9986-9BFA276588E9}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{5C08ED59-AC5B-41CB-AE82-5E7EC50DC078}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BCCB8D2C-E2C9-4696-90ED-BC6AD76E0C7D}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{11E37A08-E842-4D80-A226-795D76C3A086}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{17FF11C0-2014-4D2F-87BA-C02C7577A481}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{3C6FCD97-55B6-4B6D-90EF-25611139CD6C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{427D142D-94DB-4C38-B378-D08F73C27ED5}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1934BCF7-A63A-4C1F-809D-2B33C8F03B8F}" = O&O PartitionManager Professional
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}" = Nuance PDF Converter Professional 7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0844CC2A-512E-4BA1-872B-02887E7A2672}" = FILSHtray
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec "dBpoweramp m4a Codec" = dBpoweramp m4a Codec "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec "dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec "dBpoweramp Music Converter" = dBpoweramp Music Converter "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec "dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec "ESET Online Scanner" = ESET Online Scanner v3 "FLAC To MP3_is1" = FLAC To MP3 V4.0.4 "HD Tune Pro_is1" = HD Tune Pro 4.61 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Update Engine" = Sony Ericsson Update Engine "Videora iPod Converter" = Videora iPod Converter 6 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.09.2012 13:55:52 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der 
Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 14.09.2012 13:55:52 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 14.09.2012 18:32:26 | Computer Name = Lappy | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 14.09.2012 18:34:37 | Computer Name = Lappy | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 16.09.2012 03:11:28 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 03:11:28 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 03:11:28 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 16.09.2012 03:47:24 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error - 16.09.2012 03:47:24 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 03:47:24 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 15.09.2012 14:01:39 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:01:39 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. < End of report > |
16.09.2012, 09:27 | #6 |
/// the machine /// TB Trainer | Remove incredibar? Hi, ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! Note: Combofix disables the autostart function of all CD/DVD and USB drives in order to contain any spread. If this causes problems, post them in the thread. (Detailed instructions -> A guide and tutorial on using ComboFix)
16.09.2012, 09:42 | #8 |
/// the machine /// TB Trainer | Remove incredibar? No, according to the instructions you are supposed to run CCleaner beforehand, but you can skip that. Download Combofix and run it directly.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
16.09.2012, 10:49 | #9 |
| Remove incredibar? I think something has unfortunately gone wrong here... I have switched to my PC because, ever since Combofix finished on my laptop, I can no longer open any files or programs. The error message reads "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." I was able to copy the log file to a USB stick, though; here it is: Combofix Logfile: Code:
ATTFilter ComboFix 12-09-15.02 - * 16.09.2012 10:47:04.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2363 [GMT 2:00] ausgeführt von:: c:\users\*\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\SET3405.tmp c:\windows\SysWow64\SET356E.tmp c:\windows\SysWow64\SET4D1E.tmp c:\windows\SysWow64\SET531C.tmp c:\windows\SysWow64\SET536C.tmp c:\windows\SysWow64\SET55B5.tmp c:\windows\SysWow64\SET5707.tmp c:\windows\SysWow64\SET5AD0.tmp c:\windows\SysWow64\SET65E0.tmp c:\windows\SysWow64\SET7041.tmp c:\windows\SysWow64\SET70DF.tmp c:\windows\SysWow64\SET7348.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-16 bis 2012-09-16 )))))))))))))))))))))))))))))) . . 2012-09-16 08:58 . 2012-09-16 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-14 10:20 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1509450-77D2-48DF-A09B-D5489B3D1501}\mpengine.dll 2012-09-14 08:13 . 2012-09-14 08:13 -------- d-----w- c:\program files (x86)\ESET 2012-09-14 07:38 . 2011-03-26 08:37 123520 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys 2012-09-14 07:38 . 2011-03-26 08:37 123520 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys 2012-09-14 07:38 . 2011-03-26 08:37 123520 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys 2012-09-14 07:38 . 2011-03-26 08:37 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys 2012-09-13 13:52 . 2012-09-13 13:52 -------- d-----w- c:\users\*\AppData\Roaming\Malwarebytes 2012-09-13 13:51 . 2012-09-13 13:51 -------- d-----w- c:\programdata\Malwarebytes 2012-09-13 13:51 . 
2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-12 09:29 . 2012-09-12 09:29 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-09-12 00:01 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 00:01 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 00:01 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 00:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 00:01 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 00:01 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 00:01 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-08 11:15 . 2012-09-08 11:15 -------- d-----w- c:\program files (x86)\Virtual Router 2012-08-28 19:10 . 2012-09-08 11:20 -------- d-----w- c:\users\*\AppData\Local\Chris_Pietschmann_(http__ 2012-08-28 19:08 . 2012-08-28 19:08 -------- d-----w- C:\UserData 2012-08-28 18:47 . 2012-09-14 07:38 -------- d-----w- c:\windows\SysWow64\SupportAppCB 2012-08-27 06:46 . 2012-08-27 06:46 -------- d-----w- c:\users\*\AppData\Roaming\Zeon 2012-08-26 14:05 . 2012-08-26 14:05 -------- d-----w- c:\users\*\AppData\Roaming\FLEXnet 2012-08-22 11:54 . 2012-08-27 09:06 -------- d-----w- c:\users\*\AppData\Roaming\Nuance 2012-08-22 11:54 . 2012-08-27 06:46 -------- d-----w- c:\programdata\Nuance 2012-08-22 11:54 . 2012-08-22 11:54 -------- d-----w- c:\windows\PIXTRAN 2012-08-22 11:53 . 2012-08-22 11:53 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared 2012-08-22 11:53 . 2012-08-22 11:53 -------- d-----w- c:\programdata\Zeon 2012-08-22 11:53 . 2012-08-22 11:53 -------- d-----w- c:\programdata\FLEXnet . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 09:10 . 
2012-07-29 15:29 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-12 09:10 . 2011-07-30 22:21 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 01:01 . 2011-08-01 13:45 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-07-18 18:15 . 2012-08-15 08:16 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-05 10:14 . 2012-07-05 10:14 45056 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe 2012-07-05 10:14 . 2012-07-05 10:14 45056 ----a-r- c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe 2012-07-04 22:16 . 2012-08-15 08:17 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 08:17 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 08:17 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 08:17 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-06-27 07:06 . 2012-08-15 08:17 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-06-27 07:06 . 2012-08-15 08:17 1494016 ----a-w- c:\windows\system32\urlmon.dll 2012-06-27 07:06 . 2012-08-15 08:17 134144 ----a-w- c:\windows\system32\url.dll 2012-06-27 07:03 . 2012-08-15 08:17 9059840 ----a-w- c:\windows\system32\mshtml.dll 2012-06-27 07:03 . 2012-08-15 08:17 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-27 07:03 . 2012-08-15 08:17 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-06-27 07:02 . 2012-08-15 08:17 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-27 07:02 . 2012-08-15 08:17 247808 ----a-w- c:\windows\system32\ieui.dll 2012-06-27 07:02 . 2012-08-15 08:17 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-06-27 07:02 . 2012-08-15 08:17 12297216 ----a-w- c:\windows\system32\ieframe.dll 2012-06-27 05:53 . 2012-08-15 08:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-27 04:53 . 
2012-08-15 08:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-27 04:10 . 2012-08-15 08:17 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="d:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "FILSHtray"="d:\program files (x86)\FILSHtray\FILSHtray.exe" [2012-04-18 594432] "avgnt"="d:\program files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "PDF7 Registry Controller"="d:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2011-09-09 141160] 
"PDFProHook"="d:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2011-09-09 1787752] "UIExec"="d:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2012-01-17 153424] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FILSHtray.lnk - d:\program files (x86)\FILSHtray\FILSHtray.exe [2012-4-18 594432] Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-9-8 22486] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\06)\*\0O\*\0OOD\0OODBS . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 250568] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-05-13 13352] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla 
Maintenance Service\maintenanceservice.exe [2012-09-06 114144] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984] S2 AntiVirSchedulerService;Avira Planer;d:\program files (x86)\Avira\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI 
Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832] S2 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S2 UI Assistant Service;UI Assistant Service;d:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2012-01-17 270672] S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhalt des "geplante Tasks" Ordners . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 09:10] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OODefragTray"="d:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://yahoo.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Open with Nuance PDF Converter 7 - d:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - d:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\8vo2kksq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file) Toolbar-10 - (no file) Toolbar-10 - (no file) AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OOPM03.00.00.01PRO"="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" "OODEFRAG14.00.00.01PROFESSIONAL"="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" "OODEFRAG15.00.00.01PROFESSIONAL"="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" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . d:\program files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-16 11:20:08 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-16 09:20 . Vor Suchlauf: 12 Verzeichnis(se), 23.170.428.928 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 25.035.165.696 Bytes frei . - - End Of File - - B870288E035AC54D039380C019BE6AE2 |
16.09.2012, 10:53 | #10 |
/// the machine /// TB Trainer | Remove incredibar? Restart the computer once, then the error will be gone. Please report back whether that is the case.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.09.2012, 11:05 | #11 |
| Remove incredibar? Phew, that was lucky. Everything opens again. I was already scared stiff. Unfortunately, the start page of the Firefox tabs is still incredibar :/ |
16.09.2012, 11:07 | #12 |
/// the machine /// TB Trainer | Remove incredibar? Please post a fresh OTL logfile.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.09.2012, 11:31 | #13 |
| Remove incredibar? Here is the fresh OTL logfile: Code:
ATTFilter OTL logfile created on: 16.09.2012 12:10:15 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,41% Memory free 7,99 Gb Paging File | 6,10 Gb Available in Paging File | 76,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 95,92 Gb Total Space | 23,19 Gb Free Space | 24,18% Space Free | Partition Type: NTFS Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS Computer Name: LAPPY | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.) PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - D:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe () PRC - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe () PRC - d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () PRC - D:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) PRC - D:\Program Files\Folding@Home\FahCore_a4.exe () PRC - D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISetting.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISms.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIPhoneBook.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIConnectRecord.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIMms.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIUssd.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIStk.dll () MOD - d:\Program Files (x86)\1&1 
Surf-Stick\Component\BIDataBase.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll () MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll () MOD - D:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (UI Assistant Service) -- d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com)) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Folding@home-CPU-[1]) -- D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) 
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys () DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.de/ IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 78 07 DD CA 4E CC 01 [binary data] IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.12 11:29:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 17:58:31 | 000,000,000 | ---D | M] [2012.07.24 16:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2012.09.16 11:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions [2012.09.16 11:58:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.05.21 15:45:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\ich@maltegoetz.de [2012.08.01 07:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions [2012.08.01 07:12:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.16 11:58:30 | 000,270,876 | ---- | M] () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8VO2KKSQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2012.08.22 13:54:18 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- D:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX O1 HOSTS File: ([2012.09.16 10:59:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (SteadyVideoBHO Class) - 
{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O4:64bit: - HKLM..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [FILSHtray] d:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH) O4 - HKLM..\Run: [HD Tune Pro] D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PDF7 Registry Controller] D:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ICQ] d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.) 
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24764378-0C4A-436A-AC70-FD84A931BC07}: NameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F90062A-0C59-4146-8AE6-8C198C4CD8FD}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCD6DDD-3DB9-4E91-A51C-2421A157DEDF}: DhcpNameServer = 212.23.115.132 212.23.115.148 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - 
C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (6)\*) O34 - HKLM BootExecute: (O\*) O34 - HKLM BootExecute: (OOD) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ 
= ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.09.16 11:20:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.09.16 11:02:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.09.16 10:44:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.16 10:44:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.16 10:44:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.16 10:44:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.16 10:44:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.16 10:28:46 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\*\Desktop\ComboFix.exe [2012.09.14 13:17:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2012.09.14 10:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.14 10:12:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys [2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys [2012.09.14 09:38:40 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys [2012.09.14 09:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.09.13 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2012.09.13 15:51:17 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 15:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.13 15:49:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\malware (3).exe [2012.09.13 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BA1FD8C4-17B0-4503-9F27-634B0EFE0A52} [2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.12 11:26:29 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe [2012.09.12 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E9EDE448-3830-436F-B1C6-E602769228A9} [2012.09.12 02:01:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 02:01:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 02:01:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 02:01:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router [2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router [2012.08.28 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Chris_Pietschmann_(http__ [2012.08.28 21:08:41 | 000,000,000 | ---D | C] -- C:\UserData [2012.08.28 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB [2012.08.27 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Zeon [2012.08.26 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\FLEXnet [2012.08.22 13:54:58 | 000,000,000 | 
---D | C] -- C:\Users\*\AppData\Roaming\Nuance [2012.08.22 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.08.22 13:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.08.22 13:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 7 [2012.08.22 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN [2012.08.22 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared [2012.08.22 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon [2012.08.22 13:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.08.16 06:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.08.16 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{463A350C-1AC3-4D0C-B327-87FCBAC00764} [2012.08.16 06:53:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5A722665-B236-4EC4-8411-393767937BAA} [2012.08.15 10:17:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:17:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:17:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:17:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:17:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 10:17:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.08.15 10:17:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:17:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:17:27 | 000,041,984 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:17:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.08.15 10:17:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 10:17:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 10:17:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 10:17:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 10:17:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 10:17:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 10:16:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.14 09:17:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3FECEA40-17D1-4B9A-8152-C2612C40CF75} [2012.08.14 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{79D0E910-6A90-4CCD-9FCD-67D13AF3B8EB} [2012.08.12 07:38:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{DB5C4CB0-A938-415E-A4A3-7C5D065675D6} [2012.08.11 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D0B88CF-2B7B-4B24-9C3C-DC67265A890D} [2012.08.11 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FB8DE1CE-92D2-4DD5-A855-5E66ABDD6CA9} [2012.08.04 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E87E9169-9EDE-4DC6-8CCC-CC2D8277F5BB} [2012.08.03 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F9353D21-C635-43D7-BA10-4ED51AE80AAF} [2012.08.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{AF06A3C4-F55C-4F7E-A40A-35057035A76B} [2012.08.02 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B6C7207D-8B92-4901-8456-E232835A4911} [2012.08.02 10:07:04 | 000,000,000 | ---D | C] -- 
C:\Users\*\AppData\Local\{93E5EF85-06A7-4FF7-BA79-360671AF956A} [2012.08.01 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TuneUp Software [2012.08.01 07:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.08.01 07:12:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.08.01 07:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.08.01 07:11:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoft [2012.07.31 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F68C03EF-C01D-4B56-932E-A6F7BDB6AC0F} [2012.07.31 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FBB03146-993C-4042-A546-0ABBC75F7D1D} [2012.07.31 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.07.29 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia [2012.07.29 17:29:36 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.29 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8128FB8D-D4D9-4138-9FCF-456F939A63D9} [2012.07.29 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6EDB73E5-39A2-4EDE-B8BD-4B0110D6D715} [2012.07.29 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.07.29 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.07.29 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.07.28 12:59:27 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Spiele [18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2012.09.16 12:04:04 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.16 12:04:04 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.09.16 12:02:40 | 002,462,184 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.16 12:02:40 | 001,187,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.16 12:02:40 | 000,714,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.16 12:02:40 | 000,631,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.16 12:02:39 | 000,006,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.16 11:56:55 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.09.16 11:55:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.16 11:55:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2012.09.16 11:55:33 | 000,086,715 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.09.16 11:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.16 10:59:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.16 10:29:09 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\*\Desktop\ComboFix.exe [2012.09.14 13:17:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2012.09.14 10:12:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe [2012.09.14 09:38:35 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.09.13 15:51:17 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.13 15:50:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\*\Desktop\malware (3).exe [2012.09.13 14:59:31 | 000,512,399 | ---- | M] () -- C:\Users\*\Desktop\adwcleaner.exe [2012.09.13 11:24:14 | 009,081,315 | ---- | M] () -- C:\Users\*\Desktop\malware (1).mp3 [2012.09.12 11:26:56 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe [2012.09.12 11:10:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.09.12 11:10:38 | 000,073,416 | 
---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.08 13:15:45 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.28 20:51:01 | 001,059,840 | ---- | M] () -- C:\Users\*\Desktop\virtualrouter.msi [2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.08.22 13:54:24 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk [2012.08.16 06:54:18 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.08.16 03:22:06 | 000,416,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.13 11:34:14 | 000,036,862 | ---- | M] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg [2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.08.01 07:12:42 | 000,000,009 | ---- | M] () -- C:\END [2012.07.29 15:33:46 | 000,001,572 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.07.28 13:12:20 | 003,910,192 | ---- | M] () -- C:\Users\*\Desktop\desmume 0.9.7.zip [18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.16 10:44:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.16 10:44:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.16 10:44:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.16 10:44:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.16 10:44:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.14 09:38:27 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.09.13 
15:51:17 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.13 14:59:22 | 000,512,399 | ---- | C] () -- C:\Users\*\Desktop\adwcleaner.exe [2012.09.13 11:22:28 | 009,081,315 | ---- | C] () -- C:\Users\*\Desktop\malware (1).mp3 [2012.09.12 11:29:23 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.08 13:15:45 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2012.09.03 19:42:50 | 000,095,872 | ---- | C] () -- C:\Users\*\Desktop\schneller Kotzer.3gp [2012.08.28 21:08:41 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml [2012.08.28 20:50:48 | 001,059,840 | ---- | C] () -- C:\Users\*\Desktop\virtualrouter.msi [2012.08.26 11:16:13 | 000,096,625 | ---- | C] () -- C:\Users\*\Desktop\Harter Stoff.3gp [2012.08.26 11:16:13 | 000,045,596 | ---- | C] () -- C:\Users\*\Desktop\Fast gekotzt.3gp [2012.08.22 13:54:24 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk [2012.08.16 06:54:18 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.08.13 11:34:13 | 000,036,862 | ---- | C] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg [2012.08.01 07:12:41 | 000,000,009 | ---- | C] () -- C:\END [2012.07.29 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 15:33:46 | 000,001,572 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.07.28 13:12:20 | 003,910,192 | ---- | C] () -- C:\Users\*\Desktop\desmume 0.9.7.zip [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.05.01 11:59:36 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe [2012.04.22 11:44:54 | 001,604,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | 
---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.09 00:00:58 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat [2011.09.09 00:00:49 | 000,001,241 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat [2011.09.09 00:00:40 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat [2011.09.09 00:00:23 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat [2011.09.09 00:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat [2011.09.08 23:59:51 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat [2011.09.08 23:59:35 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat [2011.09.08 23:59:17 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat [2011.09.08 23:56:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat [2011.09.08 23:55:09 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2011.09.08 23:55:04 | 000,513,200 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011.09.08 23:55:04 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011.07.31 19:38:07 | 000,000,977 | ---- | C] () -- C:\Windows\eReg.dat [2011.07.31 18:11:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.07.30 17:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.05.19 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ASCON Installer 
[2012.07.29 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BOM [2012.08.16 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite [2012.08.02 13:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft [2011.08.30 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\HD Tune Pro [2012.09.06 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ [2012.08.27 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nuance [2011.11.06 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\redsn0w [2012.05.13 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony [2011.08.28 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer [2011.09.17 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall [2011.07.31 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client [2012.08.01 07:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software [2012.08.27 08:46:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeon [2009.07.14 07:08:49 | 000,022,050 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 16.09.2012 12:10:15 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,41% Memory free 7,99 Gb Paging File | 6,10 Gb Available in Paging File | 76,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 95,92 Gb Total Space | 23,19 Gb Free Space | 24,18% Space Free | Partition Type: NTFS Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS Computer Name: LAPPY | User Name: * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EDA83B0-27FA-432D-BC55-A5E3F6624E89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{11C2953C-8A09-4752-ABC3-DFF2F67AC620}" = rport=137 | protocol=17 | dir=out | app=system | "{142BD99D-EEA4-488D-B1EF-993DE5037FBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1AB28611-F8C8-43B1-8BC5-AEEA4B48D81F}" = rport=138 | protocol=17 | dir=out | app=system | "{1E8F0BD9-8BFD-42CC-80F1-8B7A425A5A03}" = lport=139 | protocol=6 | dir=in | app=system | "{21B7DB3B-1294-4962-94B5-DBB035B98F10}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2E83DBF8-7AAA-43C2-A5E1-385953B3DE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{32B8D5C5-B0E6-40FF-9615-55BD4FBC4A95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39F90102-78D5-4CA3-A9E8-D5637089880B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications 
platform (ssdp) | "{592D1880-9092-46E6-9D55-FD8768BD5E2D}" = lport=137 | protocol=17 | dir=in | app=system | "{63E37F15-8F55-4C7F-917B-83DD52396C0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{641B1646-02C8-4B4A-8404-C8F0E7A6E1C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{77A4B856-3874-40F0-B0F9-77C4E608B4A3}" = lport=445 | protocol=6 | dir=in | app=system | "{78F1B588-6447-468B-8C4F-2A1F367AE9BF}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe | "{7CCE254C-C526-4D09-815A-28C219BD2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{839F8424-C177-458D-AE0C-7F8E48CC02E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85D535D4-552A-42C1-A80B-DF825F4526DD}" = lport=10243 | protocol=6 | dir=in | app=system | "{9402DE2B-AF9A-410B-85AB-58798DD82F31}" = rport=445 | protocol=6 | dir=out | app=system | "{AD7C0946-47EC-4CB8-8837-DDD8C3D458EB}" = rport=2869 | protocol=6 | dir=out | app=system | "{AF0E0674-CB7D-4DB1-98D6-5B886DD506E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B7A388F0-64B0-4321-B5EE-C4D903B25C82}" = lport=2869 | protocol=6 | dir=in | app=system | "{BB6AAB5D-39B0-4887-9EE6-27C6E018CE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB9A8162-5BBB-4267-81A3-CF0F66887C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C61E4086-4B74-4955-9AE1-497BAC9A3479}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DA565AB0-7B60-4562-8516-594349DE98D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF8F2213-AEDD-4676-B365-BAC7A8DCA73A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E11849E7-1823-4612-98CC-BAB229565FE6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E6629363-C61B-4193-9F5F-089A676FA7A3}" = rport=10243 | protocol=6 | dir=out | app=system | "{F28DB96F-3DFC-4588-91EF-688B98A48BB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F627736A-9C07-4E74-B7A4-B933102C72CC}" = rport=139 | protocol=6 | dir=out | app=system | "{FA2BE645-E9CB-404D-947C-216FDD55352D}" = lport=138 | protocol=17 | dir=in | app=system | "{FFF1CF93-F39A-4493-8FE4-205057936DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00335AD6-9D52-422F-BB4A-4EDACA2EBD94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{01C67AC3-DA4A-427A-AA33-63691E6B2A21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0283E26D-0198-43BB-ADF7-3D2824DAB2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{04BE022C-00E8-4917-B65B-0FDE163AEEAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{06414655-B036-4C2C-89AF-ED94410E8128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{093B7FDE-52ED-4F8E-A47D-64433859B5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{16A3165C-21B9-415C-8BB1-58A8FE9D7CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | "{279F2BE1-C74D-4258-BB01-C2CC18D93E69}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{2AE1BFEE-E110-4F50-BCF3-4DDB6E90E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{34FC590E-6696-46C0-A88C-69154452F74E}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version7\teamviewer.exe | "{36FC5ED4-EC32-4A9A-88AB-23C13B75249C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{37CD80CF-639D-4A94-98A2-CC327BD7DA89}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{3A7EC22D-4AF7-4FB1-BB80-6187FD3C61C7}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | "{51A1807D-81C2-49E1-8C2D-EFEB5A171A3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5AD1A7F5-9E7D-4C66-86C3-60D0930C5C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5D67BD0C-7324-4CD0-8E79-89FE4855E038}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6178BA41-7D8D-4D7E-ADA6-090CAA6A1B70}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | "{672051A8-4011-48F2-8F4B-290FB7F10CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{682953B7-AE56-4E25-BF71-1E67E43C65B8}" = protocol=17 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe | "{704F7AE3-9138-42E4-8C2C-E120C852B9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{73E0BB44-3A36-46E7-8CCC-56E98EC1370E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{766008AF-E49C-4DC8-964E-553EBA32C59C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{787D0C2A-2943-44B6-8194-55B21438E82B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79B494BD-05F4-4078-B23E-7F8BB7F3B930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BB14A4F-EDC1-42CC-8F9F-C3B9E9584960}" = protocol=6 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe | "{7F875149-9A43-483E-B98F-2645755B1266}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | "{896C4C03-8AD8-496E-8DF0-19E403DA1E99}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{8AFB2DAA-E1E9-4E7A-B618-6E828817427F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BED79F2-992D-49B8-9D87-902E30C5A392}" = protocol=58 | dir=in | app=system | "{8CCD9234-F593-41C2-B1B4-B2B7773D0212}" = protocol=6 | dir=out | app=system | "{8E0B24AC-A7DD-4E7A-9217-58CA3AA2D1BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E214F9F-23CB-4E24-AE02-73C4AEE997C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{903A6FAE-1D4A-45A4-92C8-325F579E3FEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{90C263B9-6C45-4CDB-B033-7AC002DA29AE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe | "{9EA99183-507A-4152-AD62-F96F9DDF1DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A01770D8-4147-45AB-9DFD-33857FF2D698}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{A61CC20E-270F-441F-8486-8376F4E49754}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | "{A7CDCAD7-9205-4655-893E-F55B954E0716}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{AE9544A0-ACB0-4873-A798-EA1B319C96FB}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{B072EF32-2E13-4326-B0C8-FDF8C8382D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B34D98D1-FC6B-4441-A622-D6506A4717AC}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe | "{C586B53B-B964-4113-94A2-7C4DF96F9ED8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C7BC6012-DFE4-44C3-A488-B8D00331F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{CC3A49F6-31DE-46DF-B05D-31F78321905B}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | "{CCF1C21F-4DAE-4D2B-BE12-1F2321876B13}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{CF6399B2-620C-45C1-9F36-E376C23F7EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D11951E6-C703-4FC7-B327-C0C1753B4E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D9F80F44-7349-4EA1-96C5-01D5E954F865}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{EA77DC6E-939A-4BB3-B362-62C3EAEEBB88}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{EE7AAC3A-6060-4B2F-9EDD-2DCCEF3EA97B}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe | "{FAE5915E-A1F0-4FF7-9085-75484590B986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FDF3374F-6ED2-42B8-8903-4D16DDE3FBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | "TCP Query User{36910637-98BE-47F9-BC8A-4410B057F05C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{4240073D-316F-4C7F-9986-9BFA276588E9}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat | "TCP Query User{5C08ED59-AC5B-41CB-AE82-5E7EC50DC078}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{BCCB8D2C-E2C9-4696-90ED-BC6AD76E0C7D}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{11E37A08-E842-4D80-A226-795D76C3A086}C:\program files (x86)\java\jre7\bin\javaw.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{17FF11C0-2014-4D2F-87BA-C02C7577A481}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{3C6FCD97-55B6-4B6D-90EF-25611139CD6C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{427D142D-94DB-4C38-B378-D08F73C27ED5}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1934BCF7-A63A-4C1F-809D-2B33C8F03B8F}" = O&O PartitionManager Professional "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64 "{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple 
Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}" = Nuance PDF Converter Professional 7 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{0844CC2A-512E-4BA1-872B-02887E7A2672}" = FILSHtray "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" 
= Apple Application Support "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian "{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11 "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian 
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050 "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek "{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) 
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11 "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1489-3350-5074-6281" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec "dBpoweramp m4a Codec" = dBpoweramp m4a Codec "dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec "dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec "dBpoweramp Music Converter" = dBpoweramp Music Converter "dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec "dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder "dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec "dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media 
Audio 10 Codec "ESET Online Scanner" = ESET Online Scanner v3 "FLAC To MP3_is1" = FLAC To MP3 V4.0.4 "HD Tune Pro_is1" = HD Tune Pro 4.61 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Update Engine" = Sony Ericsson Update Engine "Videora iPod Converter" = Videora iPod Converter 6 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.09.2012 05:05:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 05:05:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error - 16.09.2012 05:05:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 16.09.2012 05:37:44 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 05:37:44 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 05:37:44 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 16.09.2012 05:57:24 | Computer Name = Lappy | Source = WinMgmt | ID = 10 Description = Error - 16.09.2012 06:02:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 06:02:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 16.09.2012 06:02:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 16.09.2012 04:47:01 | Computer Name = Lappy | Source = Service Control Manager | ID = 7034 Description = Dienst "Folding@home-CPU-[1]" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.09.2012 04:49:50 | Computer Name = Lappy | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 16.09.2012 04:53:16 | Computer Name = Lappy | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 16.09.2012 04:59:19 | Computer Name = Lappy | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 16.09.2012 05:00:37 | Computer Name = Lappy | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.09.2012 05:01:00 | Computer Name = Lappy | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126 Error - 16.09.2012 05:01:40 | Computer Name = Lappy | Source = Service Control Manager | ID = 7034 Description = Dienst "Folding@home-CPU-[1]" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.09.2012 05:02:41 | Computer Name = Lappy | Source = ipnathlp | ID = 31004 Description = Error - 16.09.2012 05:55:41 | Computer Name = Lappy | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.09.2012 05:56:48 | Computer Name = Lappy | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report >
Kind regards |
16.09.2012, 12:03 | #14 |
/// the machine /// TB trainer | Remove incredibar? Hi, fix with OTL
Code:
:OTL
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook: - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
:files
c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}
:Commands
[emptytemp]
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! Last edited by schrauber (16.09.2012 at 12:15) |
16.09.2012, 12:10 | #15 |
| Remove incredibar? Does the "[list][*]" also belong in the "Benutzerdefinierte Scans/Fixes" (Custom Scans/Fixes) field? |