| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit WebcamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.11.2012, 19:34
| #1 |
| |  GVU Trojaner mit Webcam Hallo zusammen, bei mir hat sich der GVU Trojaner eingenistet. Nach einer Chip.de Anleitung mit dem Kaspersky Unlocker besteht das Problem leider noch immer! Ich hab den OTL Scanner nach eurer Anleitung durchlaufen lassen, könnt ihr mir vielleicht weiterhelfen? Hier die OTL.txt Code:
ATTFilter OTL logfile created on: 27.11.2012 19:15:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\peterparker\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,83% Memory free 7,73 Gb Paging File | 6,55 Gb Available in Paging File | 84,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,97 Gb Total Space | 302,69 Gb Free Space | 66,82% Space Free | Partition Type: NTFS Computer Name: PETER-PC | User Name: peterparker | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\peterparker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=6ec8d0310000000000007af1a1d92579 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE444DE444 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=4507575425824172&p2=^A9T^YYYYYY^YY^DE&q={searchTerms} IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQErR9dEn&i=26 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{D5D7DA65-FD84-4437-A917-1F39C2656688}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledAddons: 500ea40e66ec9%40500ea40e66f02.info:1.0 FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.85.90 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.13.1.89 FF - prefs.js..extensions.enabledAddons: %7B32361cec-8645-4eea-a02e-406794b05835%7D:3.15.1.0 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:10.13.1.89 FF - prefs.js..extensions.enabledAddons: %7B988da70d-b78d-44a1-a9c7-ed11832a9e2e%7D:1.3 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10 FF - prefs.js..extensions.enabledAddons: %7Bc2db4fe6-8409-45ce-8010-189a7b5cce86%7D:3.15.1.0 FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21 FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B336D0C35-8A85-403a-B9D2-65C292C39087%7D:2.0.0.485 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.12 18:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.12 18:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 19:58:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\peterparker\AppData\Roaming\16001.009 [2012.11.09 14:55:08 | 000,000,000 | ---D | M] [2012.08.26 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Extensions [2012.11.22 19:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions [2012.10.07 14:50:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.08.21 15:26:27 | 000,000,000 | ---D | M] (SFT-Germany_ Community Toolbar) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{32361cec-8645-4eea-a02e-406794b05835} [2012.10.22 17:34:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.05.21 17:19:25 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} [2012.10.07 14:49:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.21 15:26:28 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2012.03.13 18:41:39 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.07.24 16:34:05 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\500ea40e66ec9@500ea40e66f02.info [2012.10.08 11:21:30 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\crossriderapp2258@crossrider.com [2012.03.13 18:07:29 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\ffxtlbr@babylon.com [2012.07.24 16:33:35 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\ffxtlbr@incredibar.com [2012.08.27 08:57:52 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@ask.com [2012.11.22 19:58:49 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@web.de [2012.10.08 11:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode [2012.01.14 20:45:34 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\DivXWebPlayer@divx.com.xpi [2012.03.11 11:16:13 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2011.09.18 17:38:45 | 000,087,923 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012.10.15 18:39:35 | 000,002,413 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\askcom.xml [2012.10.10 16:57:32 | 000,002,306 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\askcomsearch.xml [2012.10.22 17:35:10 | 000,001,028 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\dvdvideosofttb-customized-web-search.xml [2012.07.24 16:33:27 | 000,002,203 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\MyStart Search.xml [2011.09.18 17:42:35 | 000,001,565 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\web-search.xml [2012.02.16 18:09:18 | 000,002,057 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\youtube-videosuche.xml [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.09.12 18:30:14 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.11.09 14:55:08 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\PETERPARKER\APPDATA\ROAMING\16001.009 [2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.21 17:19:30 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [2012.03.13 16:49:21 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=36e086de-91de-47c4-8f4d-7b8c8db37abc&apn_ptnrs=%5EABT&apn_sauid=5477F0AF-2883-4681-83D5-F0B2F630C358&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\ CHR - Extension: Web Assistant = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\ CHR - Extension: DealPly = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: DownloadnSave = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcccpgeibhlebnekpbfcfagendjaeamn\1.0_0\ CHR - Extension: I Want This = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.90_0\crossrider CHR - Extension: I Want This = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.90_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (DownloadnSave Class) - {008BC998-00C2-85AB-98FB-A5C5BC4B450D} - C:\ProgramData\DownloadnSave\bhoclass.dll () O2 - BHO: (no name) - {11111111-1111-1111-1111-110011221158} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (softonic-Germany_ Toolbar) - {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-Germany_ Toolbar) - {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (softonic-Germany_ Toolbar) - {32361CEC-8645-4EEA-A02E-406794B05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000..\Run: [Userinit] C:\Users\peterparker\AppData\Roaming\appConf32.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O4 - Startup: C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\peterparker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE61BBFF-0C83-4242-BD71-7BB94BCED92E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 18:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe [2012.11.27 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\Malwarebytes [2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 18:43:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.27 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.26 22:54:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.20 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Application Data [2012.11.20 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\Zarb [2012.11.16 01:04:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.16 01:04:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.16 00:55:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.16 00:55:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.16 00:55:50 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.16 00:55:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 19:59:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.15 19:59:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.15 19:59:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.15 19:59:11 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.15 19:59:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.15 19:59:11 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.15 19:59:11 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.15 19:58:53 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 19:58:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.09 14:55:08 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\16001.009 [2012.11.08 20:27:47 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\16001.008 [2012.11.08 20:26:24 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\xmldm [2012.11.08 20:26:23 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\kock [2012.11.05 19:26:32 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Fotos Klasse [2012.11.02 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Global Booty Shake Songs Nov Dez 2012 [8 C:\Users\peterparker\Documents\*.tmp files -> C:\Users\peterparker\Documents\*.tmp -> ] [2 C:\Users\peterparker\AppData\Roaming\*.tmp files -> C:\Users\peterparker\AppData\Roaming\*.tmp -> ] [10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.27 18:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe [2012.11.27 18:43:09 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 18:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 18:39:33 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.11.27 18:36:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.27 18:35:03 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 17:24:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.27 17:24:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.26 22:54:10 | 000,000,800 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.26 22:54:08 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.26 22:54:07 | 000,139,792 | ---- | M] () -- C:\Users\peterparker\wgsdgsdgdsgsd.exe [2012.11.26 19:21:14 | 000,421,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.25 19:36:09 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.25 19:36:09 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.25 19:36:09 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.25 19:36:09 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.25 19:36:09 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.22 19:58:40 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.11 14:21:16 | 000,000,051 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res [8 C:\Users\peterparker\Documents\*.tmp files -> C:\Users\peterparker\Documents\*.tmp -> ] [2 C:\Users\peterparker\AppData\Roaming\*.tmp files -> C:\Users\peterparker\AppData\Roaming\*.tmp -> ] [10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.27 18:43:09 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.26 22:54:10 | 000,000,800 | ---- | C] () -- C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.26 22:54:08 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.26 22:54:07 | 000,139,792 | ---- | C] () -- C:\Users\peterparker\wgsdgsdgdsgsd.exe [2012.11.26 21:36:59 | 008,626,176 | ---- | C] () -- C:\Users\peterparker\Desktop\Israel Kamakawiwoole - Somewhere over the rainbow - What a wonderful world.mp3 [2012.11.16 01:04:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 00:55:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.08 20:27:39 | 000,000,051 | ---- | C] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res [2012.10.09 18:20:16 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.10.09 18:20:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012.05.21 17:23:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.10.01 17:26:25 | 000,003,584 | ---- | C] () -- C:\Users\peterparker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.09 14:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.09 10:36:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.08 20:27:47 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\16001.008 [2012.11.09 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\16001.009 [2012.05.21 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Ask.com [2012.03.13 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Babylon [2011.08.12 21:25:37 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Canneverbe Limited [2012.10.09 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\DAEMON Tools Lite [2012.11.27 18:35:24 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Dropbox [2012.10.07 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\DVDVideoSoft [2012.10.07 14:49:42 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.20 11:13:46 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\elsterformular [2012.11.08 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\kock [2011.10.01 17:26:07 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\MusicNet [2012.08.26 16:34:40 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\NCH Swift Sound [2012.10.07 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\OpenCandy [2012.07.24 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\SendSpace [2012.03.24 09:49:33 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\SNS [2012.11.26 22:55:11 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\SoftGrid Client [2011.08.09 10:37:16 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\TP [2012.10.07 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\TuneUp Software [2012.11.13 21:01:43 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\xmldm [2012.11.20 19:19:52 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Zarb ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.11.2012 19:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\peterparker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,83% Memory free
7,73 Gb Paging File | 6,55 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,97 Gb Total Space | 302,69 Gb Free Space | 66,82% Space Free | Partition Type: NTFS
Computer Name: PETER-PC | User Name: peterparker | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031B5623-9192-4C09-B58A-F52C2AB033D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{102F24E7-5E96-4721-83D2-2860497FA0F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C6971DB-442E-48A1-BE47-43D01B1009F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A4459F9-D645-45F3-9CC3-3E80C96742DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{421E7B0F-D75F-4897-99E9-5E817DE126B3}" = rport=445 | protocol=6 | dir=out | app=system |
"{5C4490F8-C027-4255-959E-D738B18ADFED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DC53364-9F48-4283-A397-E8C840AE06F1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F74A36C-AAAE-4B95-BBB9-67DFCCA5EC94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F9F936E-E5C7-4513-9CCF-FF49086C45FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{773DABBA-97BE-48A6-AF18-00F6A19E90AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E3868F6-73BD-4D4A-9B89-615BE47555CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C119B1D-C490-471E-AF81-51EA3610F317}" = rport=139 | protocol=6 | dir=out | app=system |
"{8E37D3E8-9F3E-41A9-8FBD-0C2E4B667378}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94FD6ACC-4118-4A20-9F23-605D3EBA1FE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{961A3035-9BF8-413A-85E4-276AB962C8DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A499CF87-9125-4338-8C8B-4116DE444BFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AB962CE6-2FBB-40D4-A969-ADB97E0B7617}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BA12FAB2-DB0A-4B1B-AA9F-BC065A44285C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2BA394A-F116-4063-B316-EEE21DC36712}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9122019-1753-4C37-AA2D-9391FC49C41C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC7BFD0A-9E81-40B4-B1F0-9C90BB0AB8FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8492CF2-8C60-4721-BF2E-84A69262580C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8B190F-7CB7-495B-A928-1C0ACA1E94C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFD26496-4124-4A9D-AE2A-7E8B3209428C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F63854E7-F6AC-4595-A119-96048E161474}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD4F26C6-4D56-4A5E-B8DF-852C2486C526}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017FCB76-615B-456F-A272-4A6FD8639163}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{064A405D-E2CB-4B83-A3C8-866808D1586B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{07BC477C-460A-4B39-9724-AEEB43DD9188}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{08BBEA62-3E31-4E05-8DA2-CBD87A01DF92}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe |
"{12EE5BBD-A234-4420-8BC1-54D8917F1F9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{153AFCE3-9750-4CA0-BC97-116E7B5FC84C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{153FC112-6C8B-4C5D-A933-EC3159551093}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1AA08DF9-78CB-46A3-BBFD-E90A9F44E292}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2AF7BDA0-6CC2-4403-9571-32A666EFD55B}" = protocol=17 | dir=in | app=d:\fsetup.exe |
"{2B93A7E0-F768-4E66-BD6C-EFD53A79F04D}" = protocol=6 | dir=in | app=d:\fsetup.exe |
"{2E55EE1A-9FE4-4543-A6C5-8A40F88C90C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{33A0D823-6A02-4DBF-ADC4-2C9E1CB47823}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{363BA88A-0292-49F9-8A6B-8A193E4AD227}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{381B0351-E5F4-4410-9255-6946EC995B7D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{39C1F5FC-2D44-4A09-A616-CE051F9BB7DC}" = protocol=6 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
"{3B6FD5D0-3FB9-40E3-AE9A-549B7D307330}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3D50D7AD-2218-4CB1-B065-FA1DD6D86041}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3F1B69F3-A483-4347-A65D-218894DD1988}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{524A66FE-672F-484A-A809-996731D544A1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{556E5ED3-B7DF-4225-A77C-2A7B8F93CFDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63398252-A1C6-4885-9F5D-4079AC7C0A29}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B6775BB-5FEC-41F4-AA92-F4810068BD3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{708066BD-053B-40A3-8695-5B57467846D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7373FC48-6C8F-436B-AC70-FF81B5FF525F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78E8CEF9-0F3E-4BCF-92A0-7AD51EBBEA0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E8EE51D-D5FF-4675-85E9-6527C7160C30}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F0F7C20-80C7-457B-A289-99355755826C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{90A0C043-F6F0-4FBC-ABF2-64D9CE950CBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92D35A92-B4D0-4570-9E1E-210D37F196B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E994C95-17DB-4590-9B75-590128C11955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A1D03904-FFCA-45A6-9E04-FD4DBB44FD32}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A2765A49-054F-45A2-BD86-70B5EC069A43}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A49A6D15-252D-4834-9958-32115C9E94B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A891B1A1-8713-4C14-94F7-D7BBFB7BE939}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{AD026673-C2FD-422E-A9DD-87AC1A32AE94}" = protocol=6 | dir=in | app=d:\fsetup.exe |
"{AD25143C-4411-424C-B596-EB8554BA3AB9}" = protocol=17 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
"{B549A451-AA8E-477B-816C-2289A50EE869}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B700A413-E020-45A4-9578-CD814DC9A157}" = protocol=6 | dir=out | app=system |
"{BD1861DC-F867-4B1D-90EC-CDC74DE85B72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C575CDD5-0E28-477A-9E98-EBE700223BC4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7CCEAF5-E74D-4E72-9257-D2E102CA3AF7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D2000CDD-3A1C-4A94-97F5-40E1C9AAC285}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2D6AAF9-3FFB-49EA-BEDC-283FFC54C189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6D56DE7-192F-42F8-AF6F-A1981BD07E49}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E3EAA9FA-9A51-4298-8776-B4584A714C80}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe |
"{E630AFE9-9A55-4700-94EF-1253AE42A643}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{F32F1180-D9EB-40F5-AF81-A774EE38E10F}" = protocol=17 | dir=in | app=d:\fsetup.exe |
"{F38FD9CD-F6CD-414C-8CBD-1B9EFBA1415F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8D7243D-16DC-4D7E-95F4-1E4B408192BF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F9519774-1538-4B55-B0A3-4E0B0BF3FD4C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F9E5000C-A27D-4EE7-8272-8FA5DAC9DDD1}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{FD4D65A3-61CA-477B-A35A-10BCC77DF794}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{DCBE6D44-9CAB-490E-962F-665A40C92ED7}C:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BBDA8669-E9EE-4EF1-8745-AE5B8B2A9D07}C:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}" = winLAME 2010 beta 1
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A8B0DBDE-8119-48B0-8088-D12DA01C36BA}" = DownloadnSave
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{d4a2749b-0ad6-40dd-be89-415eda819c9b}" = Nero 9 Essentials
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"conduitEngine" = Conduit Engine
"DealPly" = DealPly
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ElsterFormular" = ElsterFormular
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"iMesh" = iMesh
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Prism" = Prism Video File Converter
"searchresults1" = Search Results Toolbar
"softonic-Germany_ Toolbar" = softonic-Germany_ Toolbar
"Switch" = Switch Sound File Converter
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 1.1.11
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"FoxTab Media Player" = FoxTab Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2012 21:05:15 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3105
Error - 02.10.2012 21:05:15 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3105
Error - 02.10.2012 21:05:16 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 21:05:16 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4119
Error - 02.10.2012 21:05:16 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4119
Error - 02.10.2012 21:05:17 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 21:05:17 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5211
Error - 02.10.2012 21:05:17 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5211
Error - 02.10.2012 21:05:18 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 21:05:18 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6225
Error - 02.10.2012 21:05:18 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6225
[ Media Center Events ]
Error - 08.08.2011 14:03:35 | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 20:03:35 - Fehler beim Herstellen der Internetverbindung. 20:03:35
- Serververbindung konnte nicht hergestellt werden..
Error - 09.08.2011 03:19:34 | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 09:19:33 - Fehler beim Herstellen der Internetverbindung. 09:19:33
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 27.11.2012 14:15:59 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:17:15 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:17:15 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:17:15 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:18:05 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:18:05 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:18:05 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:21:55 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:21:55 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:21:55 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Grüße, Peter! |
| Themen zu GVU Trojaner mit Webcam |
| avira, avira searchfree toolbar, bho, bonjour, chip.de, converter, dealply, driver genius, error, excel, fehler, firefox, flash player, home, incredibar toolbar, install.exe, intranet, kaspersky, launch, logfile, microsoft office starter 2010, mozilla, mp3, object, optimizer pro, packard bell, plug-in, problem, realtek, registry, scan, search results toolbar, security, senden, software, svchost.exe, trojaner, windows |
Baum-Darstellung