Log analysis and evaluation: Google problem --> Tracking999 (Windows 7)
29.11.2012, 21:17 | #1
Hello, I have had the following problem since yesterday, 28.11.2012: when I search for something in Google and click on a link in the search results, I am always redirected to a blank white page with something like tracking999.com in the address bar. Searching Google for this error only leads you to various anti-spyware programs, and in this forum I have found just one post about it so far. I tried all the tools you suggested and saved the .txt files. I just don't know how I'm supposed to upload all the .txt files? Could you please help me? Thanks in advance.
30.11.2012, 15:14 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
It's done like this: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
30.11.2012, 16:57 | #3
I ran Spybot and Antivir over my hard drive earlier, with no findings.
All right, thanks, then I'll post the individual CODES here. adwcleaner:
Code:
# AdwCleaner v2.009 - Datei am 29/11/2012 um 20:08:09 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Peter Hagedorn - PETERHAGEDORN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Peter Hagedorn\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\AutocompletePro
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Peter Hagedorn\AppData\Local\Ilivid Player

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\TENCENT
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\prefs.js

C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "2255279500000000000000030da4e330");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15668");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:11:25");

*************************

AdwCleaner[R1].txt - [3064 octets] - [29/11/2012 20:07:22]
AdwCleaner[S1].txt - [3105 octets] - [29/11/2012 20:08:09]

########## EOF - C:\AdwCleaner[S1].txt - [3165 octets] ##########
OTL:
OTL EXTRAS Logfile:
Code:
ATTFilter OTL logfile created on: 29.11.2012 20:41:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter Hagedorn\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,79% Memory free 7,93 Gb Paging File | 6,35 Gb Available in Paging File | 80,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86) Drive C: | 97,66 Gb Total Space | 40,19 Gb Free Space | 41,16% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 14,54 Gb Free Space | 14,89% Space Free | Partition Type: NTFS Drive E: | 172,69 Gb Total Space | 78,12 Gb Free Space | 45,24% Space Free | Partition Type: NTFS Drive G: | 97,66 Gb Total Space | 35,87 Gb Free Space | 36,73% Space Free | Partition Type: NTFS Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.29 20:10:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Hagedorn\Desktop\OTL.exe PRC - [2012.08.08 16:04:24 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:58:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 19:58:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- E:\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.08 20:36:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 16:11:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 19:58:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 19:58:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.09.22 16:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.02 11:47:18 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.05.21 03:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.05.21 03:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.05.08 19:58:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:58:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.01.11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.07.14 12:42:56 | 007,821,312 
| ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 40 63 3F 6D CA CD 01 [binary data] IE - 
HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12 FF - prefs.js..extensions.enabledAddons: AX1FMU@w19hh.com:11 FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: E:\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Mozilla Firefox\plugins [2011.11.16 15:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Extensions [2012.11.27 22:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions [2012.11.21 15:54:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.11.27 22:04:58 | 000,003,233 | ---- | M] () (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\firefox\profiles\n3qsqsb5.default\extensions\AX1FMU@w19hh.com.xpi [2011.11.19 12:58:32 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\firefox\profiles\n3qsqsb5.default\extensions\youtube2mp3@mondayx.de.xpi O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [Intel(R)GraphicsControls] C:\Users\Peter Hagedorn\AppData\Roaming\Intel\Intel(R)GraphicsControls.exe File not found O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [msconflg] C:\Users\Peter Hagedorn\AppData\Roaming\msconflg.exe File not found O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [SpybotSD TeaTimer] e:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common 
Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBD288FE-D362-44E5-BDE3-B673B8EB2E7E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.29 20:10:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peter Hagedorn\Desktop\OTL.exe
[2012.11.29 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.25 16:53:21 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\Desktop\Neuer Ordner
[2012.11.24 19:12:54 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Windows Sidebar
[2012.11.24 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\TuneUp Software
[2012.11.24 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.24 19:12:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.24 19:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.24 19:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.11.13 18:31:02 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\PDAppFlex
[2012.11.13 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.11.12 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.12 21:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86)
[2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Google
[2012.11.05 17:54:30 | 000,000,000 | ---D | C] -- C:\yParser16_1
[2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.05.09 20:55:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012.11.29 20:37:25 | 001,800,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.29 20:37:25 | 000,763,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.29 20:37:25 | 000,718,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.29 20:37:25 | 000,173,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.29 20:37:25 | 000,146,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.29 20:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 20:16:54 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 20:16:54 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 20:10:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Hagedorn\Desktop\OTL.exe
[2012.11.29 20:09:16 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 20:09:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 20:09:04 | 3193,618,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 19:59:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 19:54:04 | 000,480,125 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\adwcleaner.exe
[2012.11.29 18:14:20 | 000,000,770 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk
[2012.11.24 19:11:13 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2012.11.24 19:00:29 | 000,000,020 | ---- | M] () -- C:\ProgramData\droidcam-settings
[2012.11.15 19:29:30 | 000,262,122 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg
[2012.11.15 14:28:44 | 004,916,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.04 18:00:21 | 000,000,541 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk
[2012.11.01 18:08:23 | 001,778,032 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012.11.29 19:54:03 | 000,480,125 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\adwcleaner.exe
[2012.11.29 18:14:20 | 000,000,770 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk
[2012.11.24 18:58:17 | 000,000,020 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.11.24 18:57:45 | 000,000,562 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam.lnk
[2012.11.15 19:29:30 | 000,262,122 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg
[2012.11.05 17:54:35 | 002,076,672 | ---- | C] () -- C:\Windows\libmysql.dll
[2012.11.04 18:00:21 | 000,000,541 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk
[2012.10.10 14:38:18 | 000,154,283 | -H-- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\Peter Hagedorn-wchelper.dll
[2012.09.26 16:27:42 | 000,001,536 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe
[2012.08.15 20:22:23 | 000,003,584 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.04 16:06:07 | 000,135,935 | ---- | C] () -- C:\Users\Peter Hagedorn\475740_389447054439980_1180347956_o.jpg
[2012.08.04 16:06:07 | 000,060,954 | ---- | C] () -- C:\Users\Peter Hagedorn\228083_174335632621194_5063792_n.jpg
[2012.08.04 16:06:07 | 000,037,292 | ---- | C] () -- C:\Users\Peter Hagedorn\311782_212727452115345_5678760_n.jpg
[2012.08.04 16:06:07 | 000,032,854 | ---- | C] () -- C:\Users\Peter Hagedorn\555235_397545003630185_814928582_n.jpg
[2012.08.03 22:02:41 | 000,048,236 | ---- | C] () -- C:\Users\Peter Hagedorn\556715_397633903621295_831462772_n.jpg
[2012.08.03 22:02:41 | 000,041,440 | ---- | C] () -- C:\Users\Peter Hagedorn\524484_420877571291805_1147114674_n.jpg
[2012.08.03 22:02:41 | 000,030,823 | ---- | C] () -- C:\Users\Peter Hagedorn\308400_246757268708960_2084032314_n.jpg
[2012.08.03 22:02:41 | 000,024,195 | ---- | C] () -- C:\Users\Peter Hagedorn\373785_424387980945887_289037230_n.jpg
[2012.07.01 21:58:51 | 001,778,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.09 20:55:05 | 000,099,384 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\inst.exe
[2012.05.09 20:55:05 | 000,007,859 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.cat
[2012.05.09 20:55:05 | 000,001,167 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.inf
[2012.05.09 20:44:25 | 000,001,057 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\vso_ts_preview.xml
[2012.01.29 18:23:08 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL-EXTRA:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 29.11.2012 20:41:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter Hagedorn\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,79% Memory free
7,93 Gb Paging File | 6,35 Gb Available in Paging File | 80,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86)
Drive C: | 97,66 Gb Total Space | 40,19 Gb Free Space | 41,16% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 14,54 Gb Free Space | 14,89% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 78,12 Gb Free Space | 45,24% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 35,87 Gb Free Space | 36,73% Space Free | Partition Type: NTFS

Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger
"C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger
"C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AD4037-6633-4E61-8AB5-D0280BBAFA67}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2C0D109E-0709-4C57-9AE2-7C7093F19ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3096A1C2-D0E4-46B8-8A1B-1E8ED1B55C1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3410E138-6BCB-4F40-B546-A9EFF3E6120C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{40360C25-0035-44F7-BA02-BB904571EB70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46E45664-B26C-4DA1-BCA3-0B1C77EC802A}" = lport=137 | protocol=17 | dir=in | app=system |
"{551CAB9D-2EA4-4CC9-823B-9D52FFB67215}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5A35CEA5-9C12-4755-996B-E642E22384B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C186FB8-DB19-43A4-A2E9-1B4DC4159E19}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E2A20E8-2D9A-4DEA-BD68-91DE2043FC10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF620EC-14B9-44BD-8205-C85E2EF5CF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9AD45986-2CE5-4D75-AAEC-4E7177C758FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{B74622B0-2E9F-4043-8EDB-61B22E46DC82}" = rport=445 | protocol=6 | dir=out | app=system |
"{B83C169E-9B66-4ECD-AC53-DAAE36F18619}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2542559-9FA8-4E67-B1EF-6D72D37BD97C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC7C2826-C261-4C6A-8330-7CA87EA4AC1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D012EE79-9DDA-4000-AF1A-10C4D971CCEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E22891A7-0416-47C4-98A5-C49618E93A2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E313490C-1098-4B94-BA58-68253E11824C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2EFE722-282E-45E3-BF89-4345BC819229}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F46C0CD0-26B6-4C97-BC53-E0FD85D80D45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F69278B0-1298-49E0-9715-B4FE66BF06A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{F98281DB-66F1-4378-9F6F-4D8C0EDC225B}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAB003B5-3813-40D1-ACE3-D37860FB3CE1}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B5601-35C4-4C55-A0A6-03343FE362FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04E465CD-337E-4ECC-AFAD-0B6970056013}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18EB8771-BC06-40E4-9E96-2F140C002B1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21166C00-FB3D-4B21-BD13-3E7C6099F59C}" = protocol=6 | dir=in | app=e:\droidcam\droidcamapp.exe |
"{2CA5A946-FBDD-4C49-A797-20D9E45F7003}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{31968711-CEC4-4F64-A511-46BB114E7B38}" = protocol=6 | dir=out | app=system |
"{370E6152-1ED8-424F-AFB0-C13E2A30418E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3B816396-68C1-413F-A8EE-3BA0BEAA45BC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{401321D0-10BA-4DA0-988C-CDCAA20DDDD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4E99166B-8474-43C7-BC87-BFC6E85D72EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{509EBDB6-92B3-473D-B137-B8FB76E9F272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{53F5A6C5-02DF-4F20-939E-D383E1CEF7EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6848284E-A832-45EC-B37B-6C8E2ADD9F6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6A9CFA0D-9A44-4B3E-A799-7A4570F8DE48}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7A960264-90A8-419F-9CBC-03461D9D83AC}" = protocol=17 | dir=in | app=e:\qqintl\bin\qq.exe | "{7C9F30A9-0A20-411D-924C-8B9AC6BE4752}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7DF5519F-44B4-489F-AE8E-548106BEA2E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{89544430-00D8-465D-9AB5-6200C2CBE1F9}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{9318EE68-5279-460D-98EE-3BB86FA42C6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{969DD71E-D2D1-481C-A3E8-08D43E5A82DD}" = protocol=6 | dir=in | app=e:\qqintl\bin\qq.exe | "{980067A2-8F45-4E44-9734-F521FD6B054B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{997071DE-A982-4D69-B748-E0E9CE05645F}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{9EC7D912-007D-4C59-9DCB-CC4210C1B126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0D20957-E9E4-4D86-BE47-40D1DE8BD7C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A8117704-7B9E-4C80-B660-CF4F845B0BBA}" = dir=in | app=e:\mpk\mpkview.exe | "{AD88D1C6-B339-46DD-95BB-E8300A832652}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AFFD8E8B-53BA-492C-B24D-45EC07DFAB49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B23353BC-272B-4BA3-A4AB-B0CD54C9B629}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{C2810B02-168B-45A7-AD63-8DC9261347A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{C3342031-BCFB-4F22-9074-CD318DE5B986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D315465C-3FC1-48D0-BC64-8E4DE79223FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAD8E0DC-2C32-4B9F-B306-0A40B05D5C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8392474-4166-4396-81CD-0526ED8EAAF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5AF0C33-8BBE-4D5D-935D-8487A779E55C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{F6349756-FF65-4BA5-AF16-65BD12AF4B4D}" = dir=in | app=e:\mpk\mpk.exe | "{FB4CD95B-CDAE-4A02-A453-EA5323D43FA0}" = protocol=17 | dir=in | app=e:\droidcam\droidcamapp.exe | "TCP Query User{0952F30B-0032-4DE4-8DB4-B4B3087A3E85}E:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=e:\gadu-gadu 10\gg.exe | "TCP Query User{15014167-183E-4AF3-8D20-EC51DE34BF95}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe | "TCP Query User{354C1C9D-F71C-4A76-A56C-B3414E08BB0D}E:\tibiacast\tibiacast client.exe" = protocol=6 | dir=in | app=e:\tibiacast\tibiacast client.exe | "TCP Query User{40E00FB3-3158-406D-87A0-1826F4735FD5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{5EB9B314-0D55-4689-A3D1-DA5A9ADC6D14}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{97F7E791-8B15-4477-A84A-2ACBBFCA4ADD}E:\london 2012\london2012.exe" = protocol=6 | dir=in | app=e:\london 2012\london2012.exe | "TCP Query User{DBCC130A-41D4-4656-876C-47EBB333FA8D}E:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=e:\sopcast\sopcast.exe | "TCP Query User{E468BA5C-951C-4899-9D9A-A9FCFEA1F9A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{EA892FEA-B02C-4FC5-9DEA-2A6714ADE6C4}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{FF90AE82-3CFD-4DD8-B572-D3A53D4F3D0C}E:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\miranda im\miranda32.exe | "UDP Query User{0A08BB74-59B2-48E9-9D93-F9D73213D0F6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{40BF9E0F-1A8F-4F7B-901D-1CEF755A7536}E:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=e:\sopcast\sopcast.exe | "UDP Query User{53E9C828-031C-40A7-AAA3-2A1165D64C66}E:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=e:\gadu-gadu 10\gg.exe | "UDP Query User{59269D52-7EC9-45DB-A4C0-C57101119A55}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{5DD068B0-C1EA-4DEB-AA8B-D0FBFF4FD6E6}E:\london 2012\london2012.exe" = protocol=17 | dir=in | app=e:\london 2012\london2012.exe | "UDP Query User{92CF29D5-2E29-420E-A327-12409DDBE51D}E:\tibiacast\tibiacast client.exe" = protocol=17 | dir=in | app=e:\tibiacast\tibiacast client.exe | "UDP Query User{9E8705C5-80B8-4932-AE5A-FF5ECC744FA0}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | 
app=e:\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{ACFD954A-F829-4605-9313-B7B6DC1A81D6}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{EEFB6FC5-EBF2-4E12-ADE5-863C773493D6}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe | "UDP Query User{F15019E7-E37F-4D3C-B16B-31E914A78C46}E:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\miranda im\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server 
Compact 3.5 SP2 DEU "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB5FB5C4-7F23-4EB3-A7FA-DFD0B2F30341}" = Tibiacast "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows 
Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 3.5.3 "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Picasa 3" = Picasa 3 "PS3 Media Server" = PS3 Media Server "SopCast" = SopCast 3.5.0 "Tibia_is1" = Tibia "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! 
Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.10.2012 11:47:00 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Error - 26.10.2012 12:24:20 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Taskmgr.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78d21 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006f0138 ID des fehlerhaften Prozesses: 0xb0c Startzeit der fehlerhaften Anwendung: 0x01cdb3965079c809 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Taskmgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 9827f94a-1f89-11e2-afaa-00030da4e330 Error - 26.10.2012 12:24:22 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Error - 26.10.2012 12:24:34 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Taskmgr.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78d21 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0150010 Fehleroffset: 0x00084699 ID des fehlerhaften Prozesses: 0xb0c Startzeit der fehlerhaften Anwendung: 0x01cdb3965079c809 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Taskmgr.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a02255f6-1f89-11e2-afaa-00030da4e330 Error - 01.11.2012 12:24:04 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882871 Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680, 
Zeitstempel: 0x508827d6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00130ef7 ID des fehlerhaften Prozesses: 0x1388 Startzeit der fehlerhaften Anwendung: 0x01cdb84446004987 Pfad der fehlerhaften Anwendung: E:\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: E:\Mozilla Firefox\xul.dll Berichtskennung: 8cb3853e-2440-11e2-a862-00030da4e330 Error - 05.11.2012 12:54:39 | Computer Name = PeterHagedorn | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.100 for ServerName . Error - 06.11.2012 17:52:20 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe, Version: 11.4.402.287, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll, Version: 11.4.402.287, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x004254cf ID des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 0x01cdbc5e9e46131a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll Berichtskennung: 3cb32c37-285c-11e2-98e4-00030da4e330 [ System Events ] Error - 14.06.2012 10:12:48 | Computer Name = PeterHagedorn | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 17.06.2012 10:05:43 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?06.?2012 um 16:04:51 unerwartet heruntergefahren. Error - 19.06.2012 12:21:58 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 19.06.2012 12:22:00 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.06.2012 18:10:22 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?06.?2012 um 00:09:26 unerwartet heruntergefahren.

Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.06.2012 09:59:03 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

< End of report >

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:51 on 29/11/2012 (Peter Hagedorn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

asWMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 20:54:30
-----------------------------
20:54:30.737  OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:30.737  Number of processors: 2 586 0x1706
20:54:30.737  ComputerName: PETERHAGEDORN  UserName:
20:54:31.658  Initialize success
20:57:41.839  AVAST engine defs: 12112900
20:57:58.251  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:57:58.251  Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC70E Size: 476940MB BusType: 11
20:57:58.266  Disk 0 MBR read successfully
20:57:58.266  Disk 0 MBR scan
20:57:58.282  Disk 0 Windows 7 default MBR code
20:57:58.282  Disk 0 Partition 1 00 42 SFS 0 MB offset 63
20:57:58.297  Disk 0 Partition 2 80 (A) 42 SFS NTFS 100 MB offset 2048
20:57:58.313  Disk 0 Partition 3 00 42 SFS NTFS 100000 MB offset 206848
20:57:58.329  Disk 0 Partition 4 00 42 SFS NTFS 376838 MB offset 205006848
20:57:58.344  Disk 0 scanning C:\Windows\system32\drivers
20:57:58.344  Service scanning
20:58:32.058  Modules scanning
20:58:32.058  Disk 0 trace - called modules:
20:58:32.620  ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:58:32.636  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c226d0]
20:58:32.667  3 CLASSPNP.SYS[fffff8800199443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046a8060]
20:58:33.572  AVAST engine scan C:\Windows
20:58:33.572  AVAST engine scan C:\Windows\system32
20:58:33.587  AVAST engine scan C:\Windows\system32\drivers
20:58:33.618  AVAST engine scan C:\Users\Peter Hagedorn
20:58:33.634  AVAST engine scan C:\ProgramData
20:58:33.665  Scan finished successfully
20:58:55.227  Disk 0 MBR has been saved successfully to "C:\Users\Peter Hagedorn\Desktop\MBR.dat"
20:58:55.237  The log file has been saved successfully to "C:\Users\Peter Hagedorn\Desktop\aswMBR.txt"

TDSSKiller:
Code:
ATTFilter 20:59:37.0977 1872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:59:38.0207 1872 ============================================================ 20:59:38.0207 1872 Current date / time: 2012/11/29 20:59:38.0207 20:59:38.0207 1872 SystemInfo: 20:59:38.0207 1872 20:59:38.0207 1872 OS Version: 6.1.7601 ServicePack: 1.0 20:59:38.0207 1872 Product type: Workstation 20:59:38.0207 1872 ComputerName: PETERHAGEDORN 20:59:38.0207 1872 UserName: Peter Hagedorn 20:59:38.0207 1872 Windows directory: C:\Windows 20:59:38.0207 1872 System windows directory: C:\Windows 20:59:38.0207 1872 Running under WOW64 20:59:38.0207 1872 Processor architecture: Intel x64 20:59:38.0207 1872 Number of processors: 2 20:59:38.0207 1872 Page size: 0x1000 20:59:38.0207 1872 Boot type: Normal boot 20:59:38.0207 1872 ============================================================ 20:59:39.0267 1872 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:59:39.0267 1872 ============================================================ 20:59:39.0267 1872 \Device\Harddisk0\DR0: 20:59:39.0267 1872 MBR partitions: 20:59:39.0267 1872 Initialize success 20:59:39.0267 1872 ============================================================ 20:59:49.0890 3236 ============================================================ 20:59:49.0890 3236 Scan started 20:59:49.0890 3236 Mode: Manual; 20:59:49.0890 3236 ============================================================ 20:59:50.0342 3236 ================ Scan system memory ======================== 20:59:50.0342 3236 System memory - ok 20:59:50.0342 3236 ================ Scan services ============================= 20:59:50.0373 3236 1394ohci - ok 20:59:50.0389 3236 ACPI - ok 20:59:50.0389 3236 AcpiPmi - ok 20:59:50.0404 3236 AdobeARMservice - ok 20:59:50.0420 3236 AdobeFlashPlayerUpdateSvc - ok 20:59:50.0436 3236 adp94xx - ok 20:59:50.0436 
3236 adpahci - ok 20:59:50.0436 3236 adpu320 - ok 20:59:50.0451 3236 AeLookupSvc - ok 20:59:50.0467 3236 AFD - ok 20:59:50.0482 3236 agp440 - ok 20:59:50.0482 3236 ALG - ok 20:59:50.0482 3236 aliide - ok 20:59:50.0498 3236 amdide - ok 20:59:50.0498 3236 AmdK8 - ok 20:59:50.0498 3236 AmdPPM - ok 20:59:50.0498 3236 amdsata - ok 20:59:50.0514 3236 amdsbs - ok 20:59:50.0514 3236 amdxata - ok 20:59:50.0545 3236 AntiVirSchedulerService - ok 20:59:50.0545 3236 AntiVirService - ok 20:59:50.0560 3236 AppID - ok 20:59:50.0560 3236 AppIDSvc - ok 20:59:50.0560 3236 Appinfo - ok 20:59:50.0576 3236 AppMgmt - ok 20:59:50.0576 3236 arc - ok 20:59:50.0576 3236 arcsas - ok 20:59:50.0607 3236 aspnet_state - ok 20:59:50.0607 3236 AsyncMac - ok 20:59:50.0623 3236 atapi - ok 20:59:50.0623 3236 AudioEndpointBuilder - ok 20:59:50.0623 3236 AudioSrv - ok 20:59:50.0638 3236 avgntflt - ok 20:59:50.0638 3236 avipbb - ok 20:59:50.0638 3236 avkmgr - ok 20:59:50.0638 3236 AxInstSV - ok 20:59:50.0654 3236 b06bdrv - ok 20:59:50.0654 3236 b57nd60a - ok 20:59:50.0670 3236 BDESVC - ok 20:59:50.0680 3236 Beep - ok 20:59:50.0690 3236 BFE - ok 20:59:50.0700 3236 BITS - ok 20:59:50.0710 3236 blbdrive - ok 20:59:50.0710 3236 bowser - ok 20:59:50.0720 3236 BrFiltLo - ok 20:59:50.0720 3236 BrFiltUp - ok 20:59:50.0730 3236 Browser - ok 20:59:50.0730 3236 Brserid - ok 20:59:50.0740 3236 BrSerWdm - ok 20:59:50.0740 3236 BrUsbMdm - ok 20:59:50.0750 3236 BrUsbSer - ok 20:59:50.0750 3236 BTHMODEM - ok 20:59:50.0770 3236 bthserv - ok 20:59:50.0780 3236 cdfs - ok 20:59:50.0790 3236 cdrom - ok 20:59:50.0800 3236 CertPropSvc - ok 20:59:50.0810 3236 circlass - ok 20:59:50.0810 3236 CLFS - ok 20:59:50.0810 3236 clr_optimization_v2.0.50727_32 - ok 20:59:50.0820 3236 clr_optimization_v2.0.50727_64 - ok 20:59:50.0820 3236 clr_optimization_v4.0.30319_32 - ok 20:59:50.0830 3236 clr_optimization_v4.0.30319_64 - ok 20:59:50.0840 3236 CmBatt - ok 20:59:50.0850 3236 cmdide - ok 20:59:50.0850 3236 CNG - ok 20:59:50.0860 3236 
Compbatt - ok 20:59:50.0870 3236 CompositeBus - ok 20:59:50.0880 3236 COMSysApp - ok 20:59:50.0880 3236 crcdisk - ok 20:59:50.0890 3236 CryptSvc - ok 20:59:50.0890 3236 CSC - ok 20:59:50.0900 3236 CscService - ok 20:59:50.0900 3236 DcomLaunch - ok 20:59:50.0910 3236 defragsvc - ok 20:59:50.0910 3236 DfsC - ok 20:59:50.0930 3236 dg_ssudbus - ok 20:59:50.0930 3236 Dhcp - ok 20:59:50.0940 3236 discache - ok 20:59:50.0940 3236 Disk - ok 20:59:50.0950 3236 Dnscache - ok 20:59:50.0950 3236 dot3svc - ok 20:59:50.0960 3236 DPS - ok 20:59:50.0960 3236 drmkaud - ok 20:59:50.0970 3236 DXGKrnl - ok 20:59:50.0970 3236 EapHost - ok 20:59:50.0980 3236 ebdrv - ok 20:59:50.0980 3236 EFS - ok 20:59:50.0990 3236 ehRecvr - ok 20:59:50.0990 3236 ehSched - ok 20:59:50.0990 3236 elxstor - ok 20:59:51.0000 3236 ErrDev - ok 20:59:51.0010 3236 EventSystem - ok 20:59:51.0010 3236 exfat - ok 20:59:51.0020 3236 fastfat - ok 20:59:51.0020 3236 Fax - ok 20:59:51.0030 3236 fdc - ok 20:59:51.0030 3236 fdPHost - ok 20:59:51.0040 3236 FDResPub - ok 20:59:51.0040 3236 FileInfo - ok 20:59:51.0050 3236 Filetrace - ok 20:59:51.0050 3236 flpydisk - ok 20:59:51.0060 3236 FltMgr - ok 20:59:51.0060 3236 FontCache - ok 20:59:51.0070 3236 FontCache3.0.0.0 - ok 20:59:51.0070 3236 FsDepends - ok 20:59:51.0080 3236 Fs_Rec - ok 20:59:51.0090 3236 fvevol - ok 20:59:51.0090 3236 gagp30kx - ok 20:59:51.0100 3236 gpsvc - ok 20:59:51.0120 3236 gupdate - ok 20:59:51.0130 3236 gupdatem - ok 20:59:51.0140 3236 gusvc - ok 20:59:51.0140 3236 hcw85cir - ok 20:59:51.0150 3236 HdAudAddService - ok 20:59:51.0160 3236 HDAudBus - ok 20:59:51.0170 3236 HidBatt - ok 20:59:51.0170 3236 HidBth - ok 20:59:51.0180 3236 HidIr - ok 20:59:51.0180 3236 hidserv - ok 20:59:51.0190 3236 HidUsb - ok 20:59:51.0190 3236 hkmsvc - ok 20:59:51.0200 3236 HomeGroupListener - ok 20:59:51.0200 3236 HomeGroupProvider - ok 20:59:51.0210 3236 HpSAMD - ok 20:59:51.0210 3236 HTTP - ok 20:59:51.0210 3236 hwpolicy - ok 20:59:51.0220 3236 i8042prt - ok 
20:59:51.0230 3236 iaStorV - ok 20:59:51.0230 3236 idsvc - ok 20:59:51.0230 3236 iirsp - ok 20:59:51.0240 3236 IKEEXT - ok 20:59:51.0250 3236 intelide - ok 20:59:51.0250 3236 intelppm - ok 20:59:51.0260 3236 IPBusEnum - ok 20:59:51.0260 3236 IpFilterDriver - ok 20:59:51.0270 3236 iphlpsvc - ok 20:59:51.0270 3236 IPMIDRV - ok 20:59:51.0280 3236 IPNAT - ok 20:59:51.0280 3236 IRENUM - ok 20:59:51.0290 3236 isapnp - ok 20:59:51.0290 3236 iScsiPrt - ok 20:59:51.0290 3236 kbdclass - ok 20:59:51.0300 3236 kbdhid - ok 20:59:51.0310 3236 KeyIso - ok 20:59:51.0310 3236 KSecDD - ok 20:59:51.0320 3236 KSecPkg - ok 20:59:51.0320 3236 ksthunk - ok 20:59:51.0330 3236 KtmRm - ok 20:59:51.0330 3236 LanmanServer - ok 20:59:51.0330 3236 LanmanWorkstation - ok 20:59:51.0350 3236 lltdio - ok 20:59:51.0350 3236 lltdsvc - ok 20:59:51.0360 3236 lmhosts - ok 20:59:51.0370 3236 LSI_FC - ok 20:59:51.0370 3236 LSI_SAS - ok 20:59:51.0380 3236 LSI_SAS2 - ok 20:59:51.0380 3236 LSI_SCSI - ok 20:59:51.0380 3236 luafv - ok 20:59:51.0390 3236 LVRS64 - ok 20:59:51.0400 3236 LVUVC64 - ok 20:59:51.0420 3236 ManyCam - ok 20:59:51.0420 3236 mcaudrv_simple - ok 20:59:51.0430 3236 Mcx2Svc - ok 20:59:51.0440 3236 megasas - ok 20:59:51.0440 3236 MegaSR - ok 20:59:51.0450 3236 MMCSS - ok 20:59:51.0450 3236 Modem - ok 20:59:51.0460 3236 monitor - ok 20:59:51.0460 3236 mouclass - ok 20:59:51.0460 3236 mouhid - ok 20:59:51.0480 3236 mountmgr - ok 20:59:51.0500 3236 MozillaMaintenance - ok 20:59:51.0500 3236 mpio - ok 20:59:51.0510 3236 mpsdrv - ok 20:59:51.0510 3236 MpsSvc - ok 20:59:51.0520 3236 MRxDAV - ok 20:59:51.0520 3236 mrxsmb - ok 20:59:51.0530 3236 mrxsmb10 - ok 20:59:51.0530 3236 mrxsmb20 - ok 20:59:51.0540 3236 msahci - ok 20:59:51.0540 3236 msdsm - ok 20:59:51.0550 3236 MSDTC - ok 20:59:51.0560 3236 Msfs - ok 20:59:51.0560 3236 mshidkmdf - ok 20:59:51.0570 3236 msisadrv - ok 20:59:51.0570 3236 MSiSCSI - ok 20:59:51.0580 3236 msiserver - ok 20:59:51.0580 3236 MSKSSRV - ok 20:59:51.0590 3236 MSPCLOCK - 
ok 20:59:51.0590 3236 MSPQM - ok 20:59:51.0600 3236 MsRPC - ok 20:59:51.0600 3236 mssmbios - ok 20:59:51.0610 3236 MSSQL$SQLEXPRESS - ok 20:59:51.0620 3236 MSSQLServerADHelper100 - ok 20:59:51.0630 3236 MSTEE - ok 20:59:51.0630 3236 MTConfig - ok 20:59:51.0640 3236 Mup - ok 20:59:51.0640 3236 napagent - ok 20:59:51.0640 3236 NativeWifiP - ok 20:59:51.0650 3236 NDIS - ok 20:59:51.0650 3236 NdisCap - ok 20:59:51.0660 3236 NdisTapi - ok 20:59:51.0660 3236 Ndisuio - ok 20:59:51.0670 3236 NdisWan - ok 20:59:51.0670 3236 NDProxy - ok 20:59:51.0680 3236 NetBIOS - ok 20:59:51.0680 3236 NetBT - ok 20:59:51.0690 3236 Netlogon - ok 20:59:51.0700 3236 Netman - ok 20:59:51.0710 3236 NetMsmqActivator - ok 20:59:51.0730 3236 NetPipeActivator - ok 20:59:51.0730 3236 netprofm - ok 20:59:51.0740 3236 NetTcpActivator - ok 20:59:51.0750 3236 NetTcpPortSharing - ok 20:59:51.0750 3236 netw5v64 - ok 20:59:51.0760 3236 NETwNs64 - ok 20:59:51.0760 3236 nfrd960 - ok 20:59:51.0780 3236 NlaSvc - ok 20:59:51.0780 3236 Npfs - ok 20:59:51.0780 3236 nsi - ok 20:59:51.0790 3236 nsiproxy - ok 20:59:51.0790 3236 Ntfs - ok 20:59:51.0800 3236 Null - ok 20:59:51.0800 3236 nvlddmkm - ok 20:59:51.0810 3236 nvraid - ok 20:59:51.0810 3236 nvstor - ok 20:59:51.0820 3236 nvsvc - ok 20:59:51.0830 3236 nv_agp - ok 20:59:51.0830 3236 ohci1394 - ok 20:59:51.0840 3236 p2pimsvc - ok 20:59:51.0840 3236 p2psvc - ok 20:59:51.0850 3236 Parport - ok 20:59:51.0850 3236 partmgr - ok 20:59:51.0860 3236 PcaSvc - ok 20:59:51.0860 3236 pci - ok 20:59:51.0860 3236 pciide - ok 20:59:51.0870 3236 pcmcia - ok 20:59:51.0870 3236 pcw - ok 20:59:51.0880 3236 PEAUTH - ok 20:59:51.0880 3236 PeerDistSvc - ok 20:59:51.0890 3236 PerfHost - ok 20:59:51.0900 3236 pla - ok 20:59:51.0900 3236 PlugPlay - ok 20:59:51.0910 3236 PNRPAutoReg - ok 20:59:51.0910 3236 PNRPsvc - ok 20:59:51.0920 3236 PolicyAgent - ok 20:59:51.0930 3236 Power - ok 20:59:51.0940 3236 PptpMiniport - ok 20:59:51.0940 3236 Processor - ok 20:59:51.0940 3236 ProfSvc - ok 
20:59:51.0950 3236 ProtectedStorage - ok 20:59:51.0960 3236 Psched - ok 20:59:51.0960 3236 ql2300 - ok 20:59:51.0970 3236 ql40xx - ok 20:59:51.0970 3236 QWAVE - ok 20:59:51.0970 3236 QWAVEdrv - ok 20:59:51.0980 3236 RasAcd - ok 20:59:51.0990 3236 RasAgileVpn - ok 20:59:51.0990 3236 RasAuto - ok 20:59:51.0990 3236 Rasl2tp - ok 20:59:52.0000 3236 RasMan - ok 20:59:52.0000 3236 RasPppoe - ok 20:59:52.0010 3236 RasSstp - ok 20:59:52.0010 3236 rdbss - ok 20:59:52.0020 3236 rdpbus - ok 20:59:52.0020 3236 RDPCDD - ok 20:59:52.0030 3236 RDPDR - ok 20:59:52.0030 3236 RDPENCDD - ok 20:59:52.0040 3236 RDPREFMP - ok 20:59:52.0050 3236 RdpVideoMiniport - ok 20:59:52.0050 3236 RDPWD - ok 20:59:52.0060 3236 rdyboost - ok 20:59:52.0060 3236 RemoteAccess - ok 20:59:52.0070 3236 RemoteRegistry - ok 20:59:52.0070 3236 RpcEptMapper - ok 20:59:52.0080 3236 RpcLocator - ok 20:59:52.0080 3236 RpcSs - ok 20:59:52.0090 3236 RsFx0105 - ok 20:59:52.0100 3236 rspndr - ok 20:59:52.0100 3236 RTL8167 - ok 20:59:52.0110 3236 s3cap - ok 20:59:52.0110 3236 SamSs - ok 20:59:52.0110 3236 sbp2port - ok 20:59:52.0120 3236 SBSDWSCService - ok 20:59:52.0130 3236 SCardSvr - ok 20:59:52.0130 3236 scfilter - ok 20:59:52.0130 3236 Schedule - ok 20:59:52.0140 3236 SCPolicySvc - ok 20:59:52.0140 3236 SDRSVC - ok 20:59:52.0150 3236 secdrv - ok 20:59:52.0160 3236 seclogon - ok 20:59:52.0160 3236 SENS - ok 20:59:52.0170 3236 SensrSvc - ok 20:59:52.0170 3236 Serenum - ok 20:59:52.0180 3236 Serial - ok 20:59:52.0190 3236 sermouse - ok 20:59:52.0200 3236 SessionEnv - ok 20:59:52.0210 3236 sffdisk - ok 20:59:52.0210 3236 sffp_mmc - ok 20:59:52.0210 3236 sffp_sd - ok 20:59:52.0220 3236 sfloppy - ok 20:59:52.0220 3236 SharedAccess - ok 20:59:52.0230 3236 ShellHWDetection - ok 20:59:52.0230 3236 SiSRaid2 - ok 20:59:52.0240 3236 SiSRaid4 - ok 20:59:52.0250 3236 SkypeUpdate - ok 20:59:52.0250 3236 Smb - ok 20:59:52.0260 3236 SNMPTRAP - ok 20:59:52.0280 3236 spldr - ok 20:59:52.0280 3236 Spooler - ok 20:59:52.0290 3236 
sppsvc - ok 20:59:52.0290 3236 sppuinotify - ok 20:59:52.0300 3236 sptd - ok 20:59:52.0310 3236 SQLAgent$SQLEXPRESS - ok 20:59:52.0310 3236 SQLBrowser - ok 20:59:52.0320 3236 SQLWriter - ok 20:59:52.0320 3236 srv - ok 20:59:52.0330 3236 srv2 - ok 20:59:52.0330 3236 srvnet - ok 20:59:52.0340 3236 SSDPSRV - ok 20:59:52.0340 3236 SstpSvc - ok 20:59:52.0350 3236 ssudmdm - ok 20:59:52.0360 3236 StarWindServiceAE - ok 20:59:52.0360 3236 stexstor - ok 20:59:52.0370 3236 stisvc - ok 20:59:52.0380 3236 storflt - ok 20:59:52.0380 3236 storvsc - ok 20:59:52.0390 3236 swenum - ok 20:59:52.0390 3236 swprv - ok 20:59:52.0410 3236 Synth3dVsc - ok 20:59:52.0410 3236 SysMain - ok 20:59:52.0420 3236 TabletInputService - ok 20:59:52.0420 3236 TapiSrv - ok 20:59:52.0430 3236 TBS - ok 20:59:52.0430 3236 Tcpip - ok 20:59:52.0430 3236 TCPIP6 - ok 20:59:52.0440 3236 tcpipreg - ok 20:59:52.0450 3236 TDPIPE - ok 20:59:52.0450 3236 TDTCP - ok 20:59:52.0460 3236 tdx - ok 20:59:52.0460 3236 TermDD - ok 20:59:52.0460 3236 TermService - ok 20:59:52.0470 3236 Themes - ok 20:59:52.0470 3236 THREADORDER - ok 20:59:52.0480 3236 TrkWks - ok 20:59:52.0480 3236 TrustedInstaller - ok 20:59:52.0490 3236 tssecsrv - ok 20:59:52.0490 3236 TsUsbFlt - ok 20:59:52.0500 3236 tsusbhub - ok 20:59:52.0540 3236 tunnel - ok 20:59:52.0550 3236 uagp35 - ok 20:59:52.0550 3236 udfs - ok 20:59:52.0560 3236 UI0Detect - ok 20:59:52.0560 3236 uliagpkx - ok 20:59:52.0570 3236 umbus - ok 20:59:52.0570 3236 UmPass - ok 20:59:52.0580 3236 UmRdpService - ok 20:59:52.0580 3236 UMVPFSrv - ok 20:59:52.0590 3236 upnphost - ok 20:59:52.0590 3236 usbaudio - ok 20:59:52.0600 3236 usbccgp - ok 20:59:52.0600 3236 usbcir - ok 20:59:52.0600 3236 usbehci - ok 20:59:52.0610 3236 usbhub - ok 20:59:52.0610 3236 usbohci - ok 20:59:52.0620 3236 usbprint - ok 20:59:52.0620 3236 USBSTOR - ok 20:59:52.0630 3236 usbuhci - ok 20:59:52.0630 3236 usbvideo - ok 20:59:52.0640 3236 UxSms - ok 20:59:52.0640 3236 VaultSvc - ok 20:59:52.0640 3236 vdrvroot - 
ok 20:59:52.0660 3236 vds - ok 20:59:52.0660 3236 vga - ok 20:59:52.0670 3236 VgaSave - ok 20:59:52.0670 3236 VGPU - ok 20:59:52.0680 3236 vhdmp - ok 20:59:52.0680 3236 viaide - ok 20:59:52.0680 3236 vmbus - ok 20:59:52.0690 3236 VMBusHID - ok 20:59:52.0690 3236 volmgr - ok 20:59:52.0700 3236 volmgrx - ok 20:59:52.0710 3236 volsnap - ok 20:59:52.0710 3236 vsmraid - ok 20:59:52.0720 3236 VSS - ok 20:59:52.0720 3236 vwifibus - ok 20:59:52.0730 3236 vwififlt - ok 20:59:52.0740 3236 W32Time - ok 20:59:52.0740 3236 WacomPen - ok 20:59:52.0760 3236 WANARP - ok 20:59:52.0760 3236 Wanarpv6 - ok 20:59:52.0770 3236 wbengine - ok 20:59:52.0770 3236 WbioSrvc - ok 20:59:52.0780 3236 wcncsvc - ok 20:59:52.0780 3236 WcsPlugInService - ok 20:59:52.0790 3236 Wd - ok 20:59:52.0790 3236 Wdf01000 - ok 20:59:52.0790 3236 WdiServiceHost - ok 20:59:52.0800 3236 WdiSystemHost - ok 20:59:52.0800 3236 WebClient - ok 20:59:52.0810 3236 Wecsvc - ok 20:59:52.0810 3236 wercplsupport - ok 20:59:52.0830 3236 WerSvc - ok 20:59:52.0830 3236 WfpLwf - ok 20:59:52.0840 3236 WIMMount - ok 20:59:52.0840 3236 WinDefend - ok 20:59:52.0850 3236 WinHttpAutoProxySvc - ok 20:59:52.0850 3236 Winmgmt - ok 20:59:52.0860 3236 WinRM - ok 20:59:52.0880 3236 WinUsb - ok 20:59:52.0880 3236 Wlansvc - ok 20:59:52.0890 3236 wlidsvc - ok 20:59:52.0890 3236 WmiAcpi - ok 20:59:52.0900 3236 wmiApSrv - ok 20:59:52.0900 3236 WMPNetworkSvc - ok 20:59:52.0910 3236 WPCSvc - ok 20:59:52.0910 3236 WPDBusEnum - ok 20:59:52.0920 3236 ws2ifsl - ok 20:59:52.0920 3236 wscsvc - ok 20:59:52.0930 3236 WSearch - ok 20:59:52.0930 3236 wuauserv - ok 20:59:52.0940 3236 WudfPf - ok 20:59:52.0950 3236 WUDFRd - ok 20:59:52.0950 3236 wudfsvc - ok 20:59:52.0960 3236 WwanSvc - ok 20:59:52.0970 3236 ================ Scan global =============================== 20:59:52.0970 3236 [Global] - ok 20:59:52.0970 3236 ================ Scan MBR ================================== 20:59:52.0980 3236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 
20:59:53.0210 3236 \Device\Harddisk0\DR0 - ok 20:59:53.0210 3236 ================ Scan VBR ================================== 20:59:53.0210 3236 ============================================================ 20:59:53.0210 3236 Scan finished 20:59:53.0210 3236 ============================================================ 20:59:53.0220 2404 Detected object count: 0 20:59:53.0220 2404 Actual detected object count: 0 21:00:10.0710 3772 Deinitialize success |
30.11.2012, 21:22 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Googleproblem --> Tracking999 Please create a log with CF. ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
30.11.2012, 23:13 | #5 |
| Googleproblem --> Tracking999 Thanks for the quick replies. ComboFix: Code:
ATTFilter ComboFix 12-11-30.02 - Peter Hagedorn 30.11.2012 23:06:05.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.2899 [GMT 1:00] ausgeführt von:: c:\users\Peter Hagedorn\Desktop\Trojaner Logs\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\timerintray c:\users\Peter Hagedorn\4.0 c:\users\Peter Hagedorn\AppData\Roaming\commen.exe c:\users\Peter Hagedorn\AppData\Roaming\inst.exe c:\users\Peter Hagedorn\AppData\Roaming\Peter Hagedorn-wchelper.dll c:\users\Peter Hagedorn\AppData\Roaming\vso_ts_preview.xml c:\windows\libmysql.dll c:\windows\security\Database\tmp.edb c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-28 bis 2012-11-30 )))))))))))))))))))))))))))))) . . 2012-11-30 22:10 . 2012-11-30 22:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-30 06:28 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F880897A-FC09-4506-81A8-4F65221F3687}\mpengine.dll 2012-11-24 18:12 . 2012-11-24 18:12 -------- d-----w- c:\users\Peter Hagedorn\AppData\Roaming\TuneUp Software 2012-11-24 18:12 . 2012-11-24 18:12 -------- d-----w- c:\programdata\TuneUp Software 2012-11-24 18:12 . 2012-11-24 18:12 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2012-11-24 18:12 . 2012-11-24 18:12 -------- d--h--w- c:\programdata\Common Files 2012-11-13 17:31 . 2012-11-13 17:31 -------- d-----w- c:\users\Peter Hagedorn\AppData\Roaming\PDAppFlex 2012-11-13 17:30 . 2012-11-13 17:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-11-12 20:36 . 
2012-11-12 20:36 -------- d-----w- c:\users\Peter Hagedorn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-11-12 20:36 . 2012-11-12 20:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-11-06 05:01 . 2012-11-24 18:12 -------- d-----w- C:\Programme (x86) 2012-11-05 16:54 . 2012-11-05 17:05 -------- d-----w- C:\yParser16_1 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-20 11:07 . 2011-11-17 05:21 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 19:36 . 2012-04-07 06:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 19:36 . 2011-11-16 16:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-24 21:16 . 2012-10-19 10:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-14 19:19 . 2012-10-20 10:55 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-20 10:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-04 07:46 . 2012-07-10 11:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-04 07:46 . 2011-11-24 05:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="e:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys 
[x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760] S2 AntiVirSchedulerService;Avira Planer;c:\avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 SBSDWSCService;SBSD Security Center Service;e:\spybot - search & destroy\SDWinSec.exe [2009-01-26 1153368] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . Inhalt des "geplante Tasks" Ordners . 2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 19:36] . 2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 14:33] . 2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 14:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 16336488] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-19 05:51; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2012-11-27 22:04; AX1FMU@w19hh.com; c:\users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\extensions\AX1FMU@w19hh.com.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-msconflg - c:\users\Peter Hagedorn\AppData\Roaming\msconflg.exe Wow6432Node-HKCU-Run-Intel(R)GraphicsControls - c:\users\Peter Hagedorn\AppData\Roaming\Intel\Intel(R)GraphicsControls.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-30 23:12:03 ComboFix-quarantined-files.txt 2012-11-30 22:12 . Vor Suchlauf: 10 Verzeichnis(se), 43.494.080.512 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 43.366.408.192 Bytes frei . - - End Of File - - 4EC82B53F99A3450489B1EA08E9F1956 |
01.12.2012, 00:22 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Googleproblem --> Tracking999 Are you aware that your full first and last name obviously appears in there? Quote:
__________________ |
01.12.2012, 09:16 | #7 |
| Googleproblem --> Tracking999 I'm not quite sure what you mean. No, I don't know that folder, but it is empty. |
03.12.2012, 09:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Googleproblem --> Tracking999 adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
03.12.2012, 17:50 | #9 |
| Googleproblem --> Tracking999 AdwCleaner Code Code:
ATTFilter # AdwCleaner v2.011 - Datei am 03/12/2012 um 17:49:09 erstellt # Aktualisiert am 02/12/2012 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Peter Hagedorn - PETERHAGEDORN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Peter Hagedorn\Desktop\Trojaner Logs\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R2].txt - [2147 octets] - [03/12/2012 17:49:09] ########## EOF - C:\AdwCleaner[R2].txt - [2207 octets] ########## |
03.12.2012, 19:46 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Googleproblem --> Tracking999 adwCleaner - remove toolbars and unwanted start/search pages
Then please do a check with OTL:
__________________ Please always post log files in CODE tags |
03.12.2012, 20:43 | #11 |
| Googleproblem --> Tracking999 adwcleaner: Code:
ATTFilter # AdwCleaner v2.011 - Datei am 03/12/2012 um 20:26:32 erstellt # Aktualisiert am 02/12/2012 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Peter Hagedorn - PETERHAGEDORN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Peter Hagedorn\Desktop\Trojaner Logs\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R2].txt - [2274 octets] - [03/12/2012 17:49:09] AdwCleaner[R3].txt - [2334 octets] - [03/12/2012 20:26:24] AdwCleaner[S2].txt - [2269 octets] - [03/12/2012 20:26:32] ########## EOF - C:\AdwCleaner[S2].txt - [2329 octets] ########## OTL Code:
ATTFilter OTL logfile created on: 03.12.2012 20:33:16 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = D:\Trojaner 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 67,20% Memory free 7,93 Gb Paging File | 6,49 Gb Available in Paging File | 81,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86) Drive C: | 97,66 Gb Total Space | 40,15 Gb Free Space | 41,12% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 66,50 Gb Free Space | 68,10% Space Free | Partition Type: NTFS Drive E: | 172,69 Gb Total Space | 81,17 Gb Free Space | 47,00% Space Free | Partition Type: NTFS Drive G: | 97,66 Gb Total Space | 35,68 Gb Free Space | 36,54% Space Free | Partition Type: NTFS Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Trojaner\OTL.exe (OldTimer Tools) PRC - C:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - e:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (No Company Name) ========== MOD - E:\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (SQLBrowser) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) 
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 B3 4C 59 76 D0 CD 01 [binary data] IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 
stealthy.co" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: E:\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Mozilla Firefox\plugins [2011.11.16 15:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Extensions [2012.11.27 22:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions [2012.11.21 15:54:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.11.27 22:04:58 | 000,003,233 | ---- | M] () (No name found) -- C:\USERS\PETER HAGEDORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N3QSQSB5.DEFAULT\EXTENSIONS\AX1FMU@W19HH.COM.XPI [2011.11.19 12:58:32 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\PETER HAGEDORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N3QSQSB5.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI O1 HOSTS File: ([2012.11.30 23:10:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [SpybotSD TeaTimer] e:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos 
Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBD288FE-D362-44E5-BDE3-B673B8EB2E7E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.01 09:09:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.30 23:12:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.30 23:05:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.30 23:05:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.30 23:05:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.30 23:05:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.30 23:04:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.30 19:13:50 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\Desktop\Neuer Ordner [2012.11.30 14:50:56 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\Desktop\Trojaner Logs [2012.11.29 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.24 19:12:54 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Windows Sidebar [2012.11.24 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\TuneUp Software [2012.11.24 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.11.24 19:12:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.11.24 19:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.11.24 19:11:13 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2012.11.13 18:31:02 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\PDAppFlex [2012.11.13 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.11.12 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.12 21:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86) [2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Google [2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2012.05.09 20:55:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.12.03 20:36:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.03 20:35:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 20:35:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 20:27:43 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.03 20:27:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.03 20:27:21 | 3193,618,432 | -HS- | M] () -- C:\hiberfil.sys [2012.12.03 19:59:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.03 18:06:15 | 000,069,193 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\IMG-20121203-WA0000.jpg [2012.12.02 22:06:41 | 001,800,138 | ---- | M] 
() -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.02 22:06:41 | 000,763,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.02 22:06:41 | 000,718,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.02 22:06:41 | 000,173,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.02 22:06:41 | 000,146,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.30 23:10:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.29 20:51:56 | 000,000,020 | ---- | M] () -- C:\Users\Peter Hagedorn\defogger_reenable [2012.11.29 18:14:20 | 000,000,770 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk [2012.11.24 19:11:13 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.11.24 19:00:29 | 000,000,020 | ---- | M] () -- C:\ProgramData\droidcam-settings [2012.11.15 19:29:30 | 000,262,122 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg [2012.11.15 14:28:44 | 004,916,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.04 18:00:21 | 000,000,541 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk ========== Files Created - No Company Name ========== [2012.12.03 18:07:03 | 000,069,193 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\IMG-20121203-WA0000.jpg [2012.11.30 23:05:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.30 23:05:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.30 23:05:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.30 23:05:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.30 23:05:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.29 20:51:56 | 000,000,020 | ---- | C] () -- C:\Users\Peter Hagedorn\defogger_reenable [2012.11.29 18:14:20 | 000,000,770 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk [2012.11.24 18:58:17 | 000,000,020 | ---- | C] () -- C:\ProgramData\droidcam-settings [2012.11.24 18:57:45 
| 000,000,562 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam.lnk [2012.11.15 19:29:30 | 000,262,122 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg [2012.11.04 18:00:21 | 000,000,541 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk [2012.08.15 20:22:23 | 000,003,584 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.04 16:06:07 | 000,135,935 | ---- | C] () -- C:\Users\Peter Hagedorn\475740_389447054439980_1180347956_o.jpg [2012.08.04 16:06:07 | 000,060,954 | ---- | C] () -- C:\Users\Peter Hagedorn\228083_174335632621194_5063792_n.jpg [2012.08.04 16:06:07 | 000,037,292 | ---- | C] () -- C:\Users\Peter Hagedorn\311782_212727452115345_5678760_n.jpg [2012.08.04 16:06:07 | 000,032,854 | ---- | C] () -- C:\Users\Peter Hagedorn\555235_397545003630185_814928582_n.jpg [2012.08.03 22:02:41 | 000,048,236 | ---- | C] () -- C:\Users\Peter Hagedorn\556715_397633903621295_831462772_n.jpg [2012.08.03 22:02:41 | 000,041,440 | ---- | C] () -- C:\Users\Peter Hagedorn\524484_420877571291805_1147114674_n.jpg [2012.08.03 22:02:41 | 000,030,823 | ---- | C] () -- C:\Users\Peter Hagedorn\308400_246757268708960_2084032314_n.jpg [2012.08.03 22:02:41 | 000,024,195 | ---- | C] () -- C:\Users\Peter Hagedorn\373785_424387980945887_289037230_n.jpg [2012.07.01 21:58:51 | 001,778,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.09 20:55:05 | 000,007,859 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.cat [2012.05.09 20:55:05 | 000,001,167 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.inf [2012.01.29 18:23:08 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- 
C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

< End of report >

OTL Extra
Code:
OTL Extras logfile created on: 03.12.2012 20:33:16 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Trojaner
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 67,20% Memory free
7,93 Gb Paging File | 6,49 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86)
Drive C: | 97,66 Gb Total Space | 40,15 Gb Free Space | 41,12% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,50 Gb Free Space | 68,10% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 81,17 Gb Free Space | 47,00% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 35,68 Gb Free Space | 36,54% Space Free | Partition Type: NTFS
Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger "C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger "C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger "C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09AD4037-6633-4E61-8AB5-D0280BBAFA67}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{2C0D109E-0709-4C57-9AE2-7C7093F19ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3096A1C2-D0E4-46B8-8A1B-1E8ED1B55C1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3410E138-6BCB-4F40-B546-A9EFF3E6120C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{40360C25-0035-44F7-BA02-BB904571EB70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46E45664-B26C-4DA1-BCA3-0B1C77EC802A}" = lport=137 | protocol=17 | dir=in | app=system | "{551CAB9D-2EA4-4CC9-823B-9D52FFB67215}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5A35CEA5-9C12-4755-996B-E642E22384B1}" = rport=137 | protocol=17 | dir=out | app=system | "{5C186FB8-DB19-43A4-A2E9-1B4DC4159E19}" = lport=445 | protocol=6 | dir=in | app=system | "{6E2A20E8-2D9A-4DEA-BD68-91DE2043FC10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8FF620EC-14B9-44BD-8205-C85E2EF5CF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9AD45986-2CE5-4D75-AAEC-4E7177C758FF}" = rport=139 | protocol=6 | dir=out | app=system | "{B74622B0-2E9F-4043-8EDB-61B22E46DC82}" = rport=445 | protocol=6 | dir=out | app=system | "{B83C169E-9B66-4ECD-AC53-DAAE36F18619}" = lport=139 | protocol=6 | dir=in | app=system | "{C2542559-9FA8-4E67-B1EF-6D72D37BD97C}" = lport=2869 | protocol=6 | dir=in | app=system | "{CC7C2826-C261-4C6A-8330-7CA87EA4AC1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D012EE79-9DDA-4000-AF1A-10C4D971CCEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E22891A7-0416-47C4-98A5-C49618E93A2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E313490C-1098-4B94-BA58-68253E11824C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2EFE722-282E-45E3-BF89-4345BC819229}" = rport=10243 | protocol=6 | dir=out | app=system | "{F46C0CD0-26B6-4C97-BC53-E0FD85D80D45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F69278B0-1298-49E0-9715-B4FE66BF06A9}" = rport=138 | protocol=17 | dir=out | app=system | "{F98281DB-66F1-4378-9F6F-4D8C0EDC225B}" = lport=138 | protocol=17 | dir=in | app=system | "{FAB003B5-3813-40D1-ACE3-D37860FB3CE1}" 
= lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007B5601-35C4-4C55-A0A6-03343FE362FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{04E465CD-337E-4ECC-AFAD-0B6970056013}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{18EB8771-BC06-40E4-9E96-2F140C002B1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{21166C00-FB3D-4B21-BD13-3E7C6099F59C}" = protocol=6 | dir=in | app=e:\droidcam\droidcamapp.exe | "{2CA5A946-FBDD-4C49-A797-20D9E45F7003}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{31968711-CEC4-4F64-A511-46BB114E7B38}" = protocol=6 | dir=out | app=system | "{370E6152-1ED8-424F-AFB0-C13E2A30418E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3B816396-68C1-413F-A8EE-3BA0BEAA45BC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{401321D0-10BA-4DA0-988C-CDCAA20DDDD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4E99166B-8474-43C7-BC87-BFC6E85D72EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{509EBDB6-92B3-473D-B137-B8FB76E9F272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{53F5A6C5-02DF-4F20-939E-D383E1CEF7EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6848284E-A832-45EC-B37B-6C8E2ADD9F6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6A9CFA0D-9A44-4B3E-A799-7A4570F8DE48}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7A960264-90A8-419F-9CBC-03461D9D83AC}" = protocol=17 | dir=in | app=e:\qqintl\bin\qq.exe | "{7C9F30A9-0A20-411D-924C-8B9AC6BE4752}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{7DF5519F-44B4-489F-AE8E-548106BEA2E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{89544430-00D8-465D-9AB5-6200C2CBE1F9}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{9318EE68-5279-460D-98EE-3BB86FA42C6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{969DD71E-D2D1-481C-A3E8-08D43E5A82DD}" = protocol=6 | dir=in | app=e:\qqintl\bin\qq.exe | "{980067A2-8F45-4E44-9734-F521FD6B054B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{997071DE-A982-4D69-B748-E0E9CE05645F}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{9EC7D912-007D-4C59-9DCB-CC4210C1B126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A0D20957-E9E4-4D86-BE47-40D1DE8BD7C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A8117704-7B9E-4C80-B660-CF4F845B0BBA}" = dir=in | app=e:\mpk\mpkview.exe | "{AD88D1C6-B339-46DD-95BB-E8300A832652}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AFFD8E8B-53BA-492C-B24D-45EC07DFAB49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B23353BC-272B-4BA3-A4AB-B0CD54C9B629}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{C2810B02-168B-45A7-AD63-8DC9261347A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{C3342031-BCFB-4F22-9074-CD318DE5B986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D315465C-3FC1-48D0-BC64-8E4DE79223FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAD8E0DC-2C32-4B9F-B306-0A40B05D5C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8392474-4166-4396-81CD-0526ED8EAAF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5AF0C33-8BBE-4D5D-935D-8487A779E55C}" = protocol=17 | dir=in | 
app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{F6349756-FF65-4BA5-AF16-65BD12AF4B4D}" = dir=in | app=e:\mpk\mpk.exe | "{FB4CD95B-CDAE-4A02-A453-EA5323D43FA0}" = protocol=17 | dir=in | app=e:\droidcam\droidcamapp.exe | "TCP Query User{0952F30B-0032-4DE4-8DB4-B4B3087A3E85}E:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=e:\gadu-gadu 10\gg.exe | "TCP Query User{15014167-183E-4AF3-8D20-EC51DE34BF95}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe | "TCP Query User{354C1C9D-F71C-4A76-A56C-B3414E08BB0D}E:\tibiacast\tibiacast client.exe" = protocol=6 | dir=in | app=e:\tibiacast\tibiacast client.exe | "TCP Query User{40E00FB3-3158-406D-87A0-1826F4735FD5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{5EB9B314-0D55-4689-A3D1-DA5A9ADC6D14}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{97F7E791-8B15-4477-A84A-2ACBBFCA4ADD}E:\london 2012\london2012.exe" = protocol=6 | dir=in | app=e:\london 2012\london2012.exe | "TCP Query User{DBCC130A-41D4-4656-876C-47EBB333FA8D}E:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=e:\sopcast\sopcast.exe | "TCP Query User{E468BA5C-951C-4899-9D9A-A9FCFEA1F9A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{EA892FEA-B02C-4FC5-9DEA-2A6714ADE6C4}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{FF90AE82-3CFD-4DD8-B572-D3A53D4F3D0C}E:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\miranda im\miranda32.exe | "UDP Query User{0A08BB74-59B2-48E9-9D93-F9D73213D0F6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query 
User{40BF9E0F-1A8F-4F7B-901D-1CEF755A7536}E:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=e:\sopcast\sopcast.exe | "UDP Query User{53E9C828-031C-40A7-AAA3-2A1165D64C66}E:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=e:\gadu-gadu 10\gg.exe | "UDP Query User{59269D52-7EC9-45DB-A4C0-C57101119A55}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{5DD068B0-C1EA-4DEB-AA8B-D0FBFF4FD6E6}E:\london 2012\london2012.exe" = protocol=17 | dir=in | app=e:\london 2012\london2012.exe | "UDP Query User{92CF29D5-2E29-420E-A327-12409DDBE51D}E:\tibiacast\tibiacast client.exe" = protocol=17 | dir=in | app=e:\tibiacast\tibiacast client.exe | "UDP Query User{9E8705C5-80B8-4932-AE5A-FF5ECC744FA0}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{ACFD954A-F829-4605-9313-B7B6DC1A81D6}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{EEFB6FC5-EBF2-4E12-ADE5-863C773493D6}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe | "UDP Query User{F15019E7-E37F-4D3C-B16B-31E914A78C46}E:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\miranda im\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 
Native Client "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 
Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack 
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB5FB5C4-7F23-4EB3-A7FA-DFD0B2F30341}" = Tibiacast "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch 
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 3.5.3 "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Picasa 3" = Picasa 3 
"PS3 Media Server" = PS3 Media Server "SopCast" = SopCast 3.5.0 "Tibia_is1" = Tibia "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.11.2012 12:54:39 | Computer Name = PeterHagedorn | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.100 for ServerName . Error - 06.11.2012 17:52:20 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe, Version: 11.4.402.287, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll, Version: 11.4.402.287, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x004254cf ID des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 0x01cdbc5e9e46131a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll Berichtskennung: 3cb32c37-285c-11e2-98e4-00030da4e330 Error - 30.11.2012 02:32:24 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 30.11.2012 20:20:12 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0xe04 Startzeit der fehlerhaften Anwendung: 0x01cdcf57fc4c28c3 Pfad der fehlerhaften Anwendung: E:\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ded8f918-3b4c-11e2-93ec-00030da4e330 Error - 01.12.2012 09:00:46 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 02.12.2012 08:46:03 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.12.2012 14:23:35 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 17.06.2012 10:05:43 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?06.?2012 um 16:04:51 unerwartet heruntergefahren. 
Error - 19.06.2012 12:21:58 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 19.06.2012 12:22:00 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 20.06.2012 18:10:22 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?21.?06.?2012 um 00:09:26 unerwartet heruntergefahren. Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 23.06.2012 09:59:03 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > |
03.12.2012, 20:44 | #12 |
| Googleproblem --> Tracking999 adwcleaner: Code:
# AdwCleaner v2.011 - Datei am 03/12/2012 um 20:26:32 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Peter Hagedorn - PETERHAGEDORN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Peter Hagedorn\Desktop\Trojaner Logs\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [2274 octets] - [03/12/2012 17:49:09]
AdwCleaner[R3].txt - [2334 octets] - [03/12/2012 20:26:24]
AdwCleaner[S2].txt - [2269 octets] - [03/12/2012 20:26:32]

########## EOF - C:\AdwCleaner[S2].txt - [2329 octets] ##########

OTL Code:
OTL logfile created on: 03.12.2012 20:33:16 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = D:\Trojaner
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 67,20% Memory free
7,93 Gb Paging File | 6,49 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86)
Drive C: | 97,66 Gb Total Space | 40,15 Gb Free Space | 41,12% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,50 Gb Free Space | 68,10% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 81,17 Gb Free Space | 47,00% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 35,68 Gb Free Space | 36,54% Space Free | Partition Type: NTFS

Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - e:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (No Company Name) ==========

MOD - E:\Mozilla Firefox\mozjs.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SQLBrowser) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Driver Services (SafeList) ==========

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 B3 4C 59 76 D0 CD 01 [binary data]
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: E:\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Mozilla Firefox\plugins

[2011.11.16 15:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Extensions
[2012.11.27 22:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions
[2012.11.21 15:54:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.27 22:04:58 | 000,003,233 | ---- | M] () (No name found) -- C:\USERS\PETER HAGEDORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N3QSQSB5.DEFAULT\EXTENSIONS\AX1FMU@W19HH.COM.XPI
[2011.11.19 12:58:32 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\PETER HAGEDORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N3QSQSB5.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI

O1 HOSTS File: ([2012.11.30 23:10:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [SpybotSD TeaTimer] e:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBD288FE-D362-44E5-BDE3-B673B8EB2E7E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.01 09:09:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.30 23:12:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.30 23:05:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.30 23:05:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.30 23:05:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.30 23:05:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.30 23:04:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.30 19:13:50 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\Desktop\Neuer Ordner [2012.11.30 14:50:56 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\Desktop\Trojaner Logs [2012.11.29 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.24 19:12:54 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Windows Sidebar [2012.11.24 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\TuneUp Software [2012.11.24 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.11.24 19:12:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.11.24 19:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.11.24 19:11:13 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2012.11.13 18:31:02 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\PDAppFlex [2012.11.13 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.11.12 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.12 21:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86) [2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Google [2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast [2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast [2012.05.09 20:55:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.12.03 20:36:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.03 20:35:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 20:35:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.03 20:27:43 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.03 20:27:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.03 20:27:21 | 3193,618,432 | -HS- | M] () -- C:\hiberfil.sys [2012.12.03 19:59:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.03 18:06:15 | 000,069,193 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\IMG-20121203-WA0000.jpg [2012.12.02 22:06:41 | 001,800,138 | ---- | M] 
() -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.02 22:06:41 | 000,763,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.02 22:06:41 | 000,718,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.02 22:06:41 | 000,173,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.02 22:06:41 | 000,146,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.30 23:10:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.29 20:51:56 | 000,000,020 | ---- | M] () -- C:\Users\Peter Hagedorn\defogger_reenable [2012.11.29 18:14:20 | 000,000,770 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk [2012.11.24 19:11:13 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.11.24 19:00:29 | 000,000,020 | ---- | M] () -- C:\ProgramData\droidcam-settings [2012.11.15 19:29:30 | 000,262,122 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg [2012.11.15 14:28:44 | 004,916,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.04 18:00:21 | 000,000,541 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk ========== Files Created - No Company Name ========== [2012.12.03 18:07:03 | 000,069,193 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\IMG-20121203-WA0000.jpg [2012.11.30 23:05:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.30 23:05:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.30 23:05:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.30 23:05:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.30 23:05:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.29 20:51:56 | 000,000,020 | ---- | C] () -- C:\Users\Peter Hagedorn\defogger_reenable [2012.11.29 18:14:20 | 000,000,770 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk [2012.11.24 18:58:17 | 000,000,020 | ---- | C] () -- C:\ProgramData\droidcam-settings [2012.11.24 18:57:45 
| 000,000,562 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam.lnk [2012.11.15 19:29:30 | 000,262,122 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg [2012.11.04 18:00:21 | 000,000,541 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk [2012.08.15 20:22:23 | 000,003,584 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.04 16:06:07 | 000,135,935 | ---- | C] () -- C:\Users\Peter Hagedorn\475740_389447054439980_1180347956_o.jpg [2012.08.04 16:06:07 | 000,060,954 | ---- | C] () -- C:\Users\Peter Hagedorn\228083_174335632621194_5063792_n.jpg [2012.08.04 16:06:07 | 000,037,292 | ---- | C] () -- C:\Users\Peter Hagedorn\311782_212727452115345_5678760_n.jpg [2012.08.04 16:06:07 | 000,032,854 | ---- | C] () -- C:\Users\Peter Hagedorn\555235_397545003630185_814928582_n.jpg [2012.08.03 22:02:41 | 000,048,236 | ---- | C] () -- C:\Users\Peter Hagedorn\556715_397633903621295_831462772_n.jpg [2012.08.03 22:02:41 | 000,041,440 | ---- | C] () -- C:\Users\Peter Hagedorn\524484_420877571291805_1147114674_n.jpg [2012.08.03 22:02:41 | 000,030,823 | ---- | C] () -- C:\Users\Peter Hagedorn\308400_246757268708960_2084032314_n.jpg [2012.08.03 22:02:41 | 000,024,195 | ---- | C] () -- C:\Users\Peter Hagedorn\373785_424387980945887_289037230_n.jpg [2012.07.01 21:58:51 | 001,778,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.09 20:55:05 | 000,007,859 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.cat [2012.05.09 20:55:05 | 000,001,167 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.inf [2012.01.29 18:23:08 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- 
C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
< End of report >

OTL Extra:

Code:
OTL Extras logfile created on: 03.12.2012 20:33:16 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = D:\Trojaner
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 67,20% Memory free
7,93 Gb Paging File | 6,49 Gb Available in Paging File | 81,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86)
Drive C: | 97,66 Gb Total Space | 40,15 Gb Free Space | 41,12% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 66,50 Gb Free Space | 68,10% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 81,17 Gb Free Space | 47,00% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 35,68 Gb Free Space | 36,54% Space Free | Partition Type: NTFS
Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger "C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger "C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger "C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09AD4037-6633-4E61-8AB5-D0280BBAFA67}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{2C0D109E-0709-4C57-9AE2-7C7093F19ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3096A1C2-D0E4-46B8-8A1B-1E8ED1B55C1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3410E138-6BCB-4F40-B546-A9EFF3E6120C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{40360C25-0035-44F7-BA02-BB904571EB70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46E45664-B26C-4DA1-BCA3-0B1C77EC802A}" = lport=137 | protocol=17 | dir=in | app=system | "{551CAB9D-2EA4-4CC9-823B-9D52FFB67215}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5A35CEA5-9C12-4755-996B-E642E22384B1}" = rport=137 | protocol=17 | dir=out | app=system | "{5C186FB8-DB19-43A4-A2E9-1B4DC4159E19}" = lport=445 | protocol=6 | dir=in | app=system | "{6E2A20E8-2D9A-4DEA-BD68-91DE2043FC10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8FF620EC-14B9-44BD-8205-C85E2EF5CF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9AD45986-2CE5-4D75-AAEC-4E7177C758FF}" = rport=139 | protocol=6 | dir=out | app=system | "{B74622B0-2E9F-4043-8EDB-61B22E46DC82}" = rport=445 | protocol=6 | dir=out | app=system | "{B83C169E-9B66-4ECD-AC53-DAAE36F18619}" = lport=139 | protocol=6 | dir=in | app=system | "{C2542559-9FA8-4E67-B1EF-6D72D37BD97C}" = lport=2869 | protocol=6 | dir=in | app=system | "{CC7C2826-C261-4C6A-8330-7CA87EA4AC1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D012EE79-9DDA-4000-AF1A-10C4D971CCEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E22891A7-0416-47C4-98A5-C49618E93A2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E313490C-1098-4B94-BA58-68253E11824C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2EFE722-282E-45E3-BF89-4345BC819229}" = rport=10243 | protocol=6 | dir=out | app=system | "{F46C0CD0-26B6-4C97-BC53-E0FD85D80D45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F69278B0-1298-49E0-9715-B4FE66BF06A9}" = rport=138 | protocol=17 | dir=out | app=system | "{F98281DB-66F1-4378-9F6F-4D8C0EDC225B}" = lport=138 | protocol=17 | dir=in | app=system | "{FAB003B5-3813-40D1-ACE3-D37860FB3CE1}" 
= lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007B5601-35C4-4C55-A0A6-03343FE362FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{04E465CD-337E-4ECC-AFAD-0B6970056013}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{18EB8771-BC06-40E4-9E96-2F140C002B1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{21166C00-FB3D-4B21-BD13-3E7C6099F59C}" = protocol=6 | dir=in | app=e:\droidcam\droidcamapp.exe | "{2CA5A946-FBDD-4C49-A797-20D9E45F7003}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{31968711-CEC4-4F64-A511-46BB114E7B38}" = protocol=6 | dir=out | app=system | "{370E6152-1ED8-424F-AFB0-C13E2A30418E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3B816396-68C1-413F-A8EE-3BA0BEAA45BC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{401321D0-10BA-4DA0-988C-CDCAA20DDDD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4E99166B-8474-43C7-BC87-BFC6E85D72EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{509EBDB6-92B3-473D-B137-B8FB76E9F272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{53F5A6C5-02DF-4F20-939E-D383E1CEF7EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6848284E-A832-45EC-B37B-6C8E2ADD9F6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6A9CFA0D-9A44-4B3E-A799-7A4570F8DE48}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7A960264-90A8-419F-9CBC-03461D9D83AC}" = protocol=17 | dir=in | app=e:\qqintl\bin\qq.exe | "{7C9F30A9-0A20-411D-924C-8B9AC6BE4752}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{7DF5519F-44B4-489F-AE8E-548106BEA2E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{89544430-00D8-465D-9AB5-6200C2CBE1F9}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{9318EE68-5279-460D-98EE-3BB86FA42C6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{969DD71E-D2D1-481C-A3E8-08D43E5A82DD}" = protocol=6 | dir=in | app=e:\qqintl\bin\qq.exe | "{980067A2-8F45-4E44-9734-F521FD6B054B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{997071DE-A982-4D69-B748-E0E9CE05645F}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{9EC7D912-007D-4C59-9DCB-CC4210C1B126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A0D20957-E9E4-4D86-BE47-40D1DE8BD7C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A8117704-7B9E-4C80-B660-CF4F845B0BBA}" = dir=in | app=e:\mpk\mpkview.exe | "{AD88D1C6-B339-46DD-95BB-E8300A832652}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AFFD8E8B-53BA-492C-B24D-45EC07DFAB49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B23353BC-272B-4BA3-A4AB-B0CD54C9B629}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{C2810B02-168B-45A7-AD63-8DC9261347A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{C3342031-BCFB-4F22-9074-CD318DE5B986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D315465C-3FC1-48D0-BC64-8E4DE79223FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAD8E0DC-2C32-4B9F-B306-0A40B05D5C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8392474-4166-4396-81CD-0526ED8EAAF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5AF0C33-8BBE-4D5D-935D-8487A779E55C}" = protocol=17 | dir=in | 
app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{F6349756-FF65-4BA5-AF16-65BD12AF4B4D}" = dir=in | app=e:\mpk\mpk.exe | "{FB4CD95B-CDAE-4A02-A453-EA5323D43FA0}" = protocol=17 | dir=in | app=e:\droidcam\droidcamapp.exe | "TCP Query User{0952F30B-0032-4DE4-8DB4-B4B3087A3E85}E:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=e:\gadu-gadu 10\gg.exe | "TCP Query User{15014167-183E-4AF3-8D20-EC51DE34BF95}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe | "TCP Query User{354C1C9D-F71C-4A76-A56C-B3414E08BB0D}E:\tibiacast\tibiacast client.exe" = protocol=6 | dir=in | app=e:\tibiacast\tibiacast client.exe | "TCP Query User{40E00FB3-3158-406D-87A0-1826F4735FD5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{5EB9B314-0D55-4689-A3D1-DA5A9ADC6D14}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{97F7E791-8B15-4477-A84A-2ACBBFCA4ADD}E:\london 2012\london2012.exe" = protocol=6 | dir=in | app=e:\london 2012\london2012.exe | "TCP Query User{DBCC130A-41D4-4656-876C-47EBB333FA8D}E:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=e:\sopcast\sopcast.exe | "TCP Query User{E468BA5C-951C-4899-9D9A-A9FCFEA1F9A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{EA892FEA-B02C-4FC5-9DEA-2A6714ADE6C4}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{FF90AE82-3CFD-4DD8-B572-D3A53D4F3D0C}E:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\miranda im\miranda32.exe | "UDP Query User{0A08BB74-59B2-48E9-9D93-F9D73213D0F6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query 
User{40BF9E0F-1A8F-4F7B-901D-1CEF755A7536}E:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=e:\sopcast\sopcast.exe | "UDP Query User{53E9C828-031C-40A7-AAA3-2A1165D64C66}E:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=e:\gadu-gadu 10\gg.exe | "UDP Query User{59269D52-7EC9-45DB-A4C0-C57101119A55}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{5DD068B0-C1EA-4DEB-AA8B-D0FBFF4FD6E6}E:\london 2012\london2012.exe" = protocol=17 | dir=in | app=e:\london 2012\london2012.exe | "UDP Query User{92CF29D5-2E29-420E-A327-12409DDBE51D}E:\tibiacast\tibiacast client.exe" = protocol=17 | dir=in | app=e:\tibiacast\tibiacast client.exe | "UDP Query User{9E8705C5-80B8-4932-AE5A-FF5ECC744FA0}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{ACFD954A-F829-4605-9313-B7B6DC1A81D6}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{EEFB6FC5-EBF2-4E12-ADE5-863C773493D6}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe | "UDP Query User{F15019E7-E37F-4D3C-B16B-31E914A78C46}E:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\miranda im\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 
Native Client "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 
Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack 
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB5FB5C4-7F23-4EB3-A7FA-DFD0B2F30341}" = Tibiacast "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch 
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 3.5.3 "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Picasa 3" = Picasa 3 
"PS3 Media Server" = PS3 Media Server
"SopCast" = SopCast 3.5.0
"Tibia_is1" = Tibia
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2012 12:54:39 | Computer Name = PeterHagedorn | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.2.100 for ServerName .

Error - 06.11.2012 17:52:20 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe, Version: 11.4.402.287, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll, Version: 11.4.402.287, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x004254cf ID des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 0x01cdbc5e9e46131a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll Berichtskennung: 3cb32c37-285c-11e2-98e4-00030da4e330

Error - 30.11.2012 02:32:24 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 30.11.2012 20:20:12 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.11.0, Zeitstempel: 0x4e1edf37 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0xe04 Startzeit der fehlerhaften Anwendung: 0x01cdcf57fc4c28c3 Pfad der fehlerhaften Anwendung: E:\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ded8f918-3b4c-11e2-93ec-00030da4e330

Error - 01.12.2012 09:00:46 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 02.12.2012 08:46:03 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 03.12.2012 14:23:35 | Computer Name = PeterHagedorn | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

[ System Events ]
Error - 17.06.2012 10:05:43 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.06.2012 um 16:04:51 unerwartet heruntergefahren.

Error - 19.06.2012 12:21:58 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 19.06.2012 12:22:00 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.06.2012 18:10:22 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.06.2012 um 00:09:26 unerwartet heruntergefahren.

Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 23.06.2012 09:59:03 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

< End of report > |
03.12.2012, 20:45 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Googleproblem --> Tracking999 Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Getting an additional opinion afterwards from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
04.12.2012, 15:23 | #14 |
| Googleproblem --> Tracking999 Malware code Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Peter Hagedorn :: PETERHAGEDORN [Administrator]

04.12.2012 15:08:49
mbam-log-2012-12-04 (15-08-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206828
Laufzeit: 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Peter Hagedorn\AppData\Roaming\22552795 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\10-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\11-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\12-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\13-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\14-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\15-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\16-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\17-07-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\17-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\19-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\20-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\21-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\22-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\23-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\24-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\25-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\26-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\27-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\28-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\29-10-2012 (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Peter Hagedorn\AppData\Roaming\22552795\ak.tmp (Rogue.Multiple) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Many thanks in advance for your efforts so far |
05.12.2012, 20:44 | #15 |
| Googleproblem --> Tracking999 and after 3 hours of scanning I have the CODE from ESET Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=bc517b9719100d47abd3d794eadb22fc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 02:24:33
# local_time=2012-12-04 03:24:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 90727 220050763 83508 0
# compatibility_mode=5893 16776573 100 52 349941 107036744 0 0
# scanned=8001
# found=0
# cleaned=0
# scan_time=591 |