|
Plagegeister aller Art und deren Bekämpfung: Ilitili Virus entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.12.2012, 00:51 | #1 |
| Ilitili Virus entfernen Seit einiger Zeit öffnet sich in Chrome bei mir häufig zunächst die Seite Ilitili.com und danach eine Verkaufsseite, ohne dass ich das möchte. Ich habe bereits im Internet gelesen, dass daran wohl ein Virus schuld ist - allerdings habe ich keinen Weg gefunden, diesen loszuwerden. Außerdem öffnen sich häufig an der rechten und unteren Seite meines Browsers Pop-Up-ähnliche Werbebanner, egal auf welcher Seite ich mich gerade befinde. Ob das mit Ilitili zu tun hat, weiß ich nicht. Ich wäre wirklich sehr dankbar, wenn mir jemand helfen könnte, meinen PC wieder Ilitili-frei zu machen! PS: In einem anderen Thread wurde bereits darüber gesprochen, allerdings wurde dieser abgebrochen, so dass ich hieraus keine Lösung sehen konnte... |
11.12.2012, 13:20 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ilitili Virus entfernen Hallo und
__________________Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter msconfig netsvcs safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*. %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles %SYSTEMROOT%\System32\config\*.sav %SYSTEMROOT%\*. /mp /s %SYSTEMROOT%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ |
11.12.2012, 23:39 | #3 |
| Ilitili Virus entfernen Danke, dass du dich so schnell gemeldet hast - ich hoffe, ich hab deine Anweisungen richtig ausgeführt! Beste Grüße!
__________________Code:
ATTFilter OTL logfile created on: 11.12.2012 23:24:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elisabeth\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 70,37% Memory free 7,71 Gb Paging File | 6,08 Gb Available in Paging File | 78,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 304,92 Gb Free Space | 67,74% Space Free | Partition Type: NTFS Computer Name: ELISABETH-PC | User Name: Elisabeth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.11 23:23:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elisabeth\Desktop\OTL.exe PRC - [2012.12.04 00:43:44 | 029,428,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.22 00:21:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011.03.14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011.03.14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.12 14:58:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.11.12 02:21:46 | 000,295,232 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.10.28 18:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.14 03:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2009.01.08 16:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 03:43:28 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5ad9f29f560bb09eafc09645159da38\IAStorUtil.ni.dll MOD - [2012.11.16 03:43:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3bd31aaa7f3af438f4a46f2548fef115\IAStorCommon.ni.dll MOD - [2012.11.16 03:34:56 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll MOD - [2012.11.16 03:34:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll MOD - [2012.11.16 03:34:31 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll MOD - [2012.11.16 03:34:26 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll MOD - [2012.11.16 03:34:15 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll MOD - [2012.11.16 03:34:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll MOD - [2012.11.16 03:34:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll MOD - [2012.11.16 03:34:08 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll MOD - [2012.11.16 03:34:02 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.23 22:37:35 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.04.23 22:37:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.12.12 14:58:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll MOD - [2010.11.12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ========== Services (SafeList) ========== SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.07.22 00:21:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.23 13:09:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.12.22 21:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.22 21:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.12 14:58:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.12.10 12:55:28 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.22 00:21:05 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.22 00:21:05 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.26 02:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.01.21 03:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011.01.21 03:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2011.01.20 05:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011.01.18 00:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2011.01.14 03:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2010.12.12 14:58:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.11.09 11:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.10.08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.07.29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.07.17 20:25:24 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=085a2cfd000000000000d2f8da34f91d IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=085a2cfd000000000000d2f8da34f91d IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Yontoo = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ CHR - Extension: Google Mail = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe () O4 - Startup: C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85CE4374-9874-46A3-9703-EDD8332A533B}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.12.09 20:03:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1e9368e9-a980-11e0-8809-c0f8da34f91d}\Shell - "" = AutoRun O33 - MountPoints2\{1e9368e9-a980-11e0-8809-c0f8da34f91d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.11 23:23:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elisabeth\Desktop\OTL.exe [2012.12.11 00:43:08 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Malwarebytes [2012.12.11 00:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.11 00:42:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.11 00:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.11 00:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.10 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.12.10 20:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.12.10 20:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.12.10 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.12.10 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Local\HP [2012.12.09 22:46:02 | 000,000,000 | R--D | C] -- C:\Users\Elisabeth\Dropbox [2012.12.09 22:44:56 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.12.09 22:43:52 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Dropbox [2012.12.09 20:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.12.09 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.12.09 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\SpeedyPC Software [2012.12.09 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\DriverCure [2012.12.09 20:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software [2012.12.09 20:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.12.05 17:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.12.05 17:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.12.05 17:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.12.05 17:30:57 | 000,000,000 | R--D | C] -- C:\Users\Elisabeth\Documents\Scanned Documents [2012.12.05 17:30:56 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\Documents\Fax [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.11 23:23:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elisabeth\Desktop\OTL.exe [2012.12.11 22:30:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072344728-4250614371-3649223325-1001UA.job [2012.12.11 22:30:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.11 22:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.11 22:29:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072344728-4250614371-3649223325-1001Core.job [2012.12.11 18:32:26 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.12.11 18:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.11 17:39:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 17:39:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.11 00:43:00 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.10 20:54:53 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2012.12.10 11:12:43 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.12.09 23:46:21 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.12.09 23:46:21 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.12.09 23:46:04 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2012.12.09 22:46:02 | 000,001,059 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Dropbox.lnk [2012.12.09 22:45:04 | 000,001,069 | ---- | M] () -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.09 22:44:01 | 000,002,418 | ---- | M] () -- C:\Windows\wininit.ini [2012.12.09 20:03:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.12.09 17:33:10 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.09 17:33:10 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.09 17:33:10 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.09 17:33:10 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.09 17:33:10 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.05 22:54:53 | 000,002,798 | ---- | M] () -- C:\Users\Elisabeth\AppData\Local\recently-used.xbel [2012.12.05 17:35:54 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.11.30 10:13:06 | 000,002,523 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Google Chrome.lnk [2012.11.28 15:09:49 | 000,228,860 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Das gemeindliche Selbstverwaltungsrecht gemäß Art. 28 Abs. 2 Satz 1 GG als Priva....pdf [2012.11.28 15:06:22 | 000,241,517 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Die verfassungsrechtliche Garantie der kommunalen Selbstverwaltung.pdf [2012.11.16 17:43:41 | 000,410,745 | ---- | M] () -- C:\Users\Elisabeth\Desktop\studbesch_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 17:43:27 | 000,416,817 | ---- | M] () -- C:\Users\Elisabeth\Desktop\stammdaten_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 03:29:15 | 000,318,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.15 17:53:48 | 007,663,932 | ---- | M] () -- C:\Users\Elisabeth\Desktop\DSC_0670.JPG [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.11 00:43:00 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.10 20:54:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.12.09 22:46:02 | 000,001,059 | ---- | C] () -- C:\Users\Elisabeth\Desktop\Dropbox.lnk [2012.12.09 22:45:04 | 000,001,069 | ---- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.09 20:03:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.12.09 20:00:39 | 000,000,500 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.12.09 20:00:26 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.12.09 20:00:26 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.12.09 20:00:25 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.12.05 22:54:53 | 000,002,798 | ---- | C] () -- C:\Users\Elisabeth\AppData\Local\recently-used.xbel [2012.12.05 17:35:54 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.11.28 15:09:47 | 000,228,860 | ---- | C] () -- C:\Users\Elisabeth\Desktop\Das gemeindliche Selbstverwaltungsrecht gemäß Art. 28 Abs. 2 Satz 1 GG als Priva....pdf [2012.11.28 15:06:19 | 000,241,517 | ---- | C] () -- C:\Users\Elisabeth\Desktop\Die verfassungsrechtliche Garantie der kommunalen Selbstverwaltung.pdf [2012.11.16 17:43:38 | 000,410,745 | ---- | C] () -- C:\Users\Elisabeth\Desktop\studbesch_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 17:43:25 | 000,416,817 | ---- | C] () -- C:\Users\Elisabeth\Desktop\stammdaten_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 03:07:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 03:01:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 17:53:46 | 007,663,932 | ---- | C] () -- C:\Users\Elisabeth\Desktop\DSC_0670.JPG [2012.10.14 21:06:41 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Kernel Extension [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Jazz [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Iterate Items [2012.10.14 20:37:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.10.14 20:37:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jingles [2012.10.14 20:37:09 | 000,000,268 | RH-- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Internet Services [2012.10.14 20:37:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.10.14 20:37:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.06.26 16:42:44 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.09.03 14:56:22 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.07.06 22:46:14 | 000,002,418 | ---- | C] () -- C:\Windows\wininit.ini [2011.06.30 17:26:04 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.31 14:26:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.03.31 14:26:59 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.03.31 14:26:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.23 12:55:12 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Babylon [2011.08.20 09:45:40 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Canneverbe Limited [2012.06.26 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\CasaPortale.de [2012.12.09 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\DriverCure [2012.12.10 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Dropbox [2011.11.30 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoft [2011.11.30 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.07 23:25:03 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Flood Light Games [2011.07.01 10:25:32 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\FloodLightGames [2011.09.16 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Friday's games [2011.08.23 11:41:34 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\GetRightToGo [2011.09.24 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Langenscheidt [2011.07.06 23:51:45 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\MagicIndie [2012.10.14 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Nikon [2011.11.03 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\OpenOffice.org [2011.07.08 19:46:01 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\PlayFirst [2012.11.05 23:58:33 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SleepTimer [2011.06.30 13:29:55 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SNS [2012.12.09 23:43:47 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SoftGrid Client [2012.12.09 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SpeedyPC Software [2011.06.30 17:27:00 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\TP [2012.01.14 11:22:26 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Ubisoft [2011.07.26 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\ViquaSoft [2011.09.28 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Vocup ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.19 21:48:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.10 11:20:06 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2011.04.23 12:51:34 | 000,000,000 | ---D | M] -- C:\book [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.30 11:35:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.23 12:47:13 | 000,000,000 | ---D | M] -- C:\Intel [2011.06.30 11:37:16 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2012.12.10 20:54:57 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.11 00:42:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.12.11 00:42:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.06.30 11:35:30 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.30 11:35:30 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.11 23:26:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.30 11:35:46 | 000,000,000 | R--D | M] -- C:\Users [2012.12.09 20:02:28 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.25 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Adobe [2011.12.14 13:05:22 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Apple Computer [2012.02.01 01:04:14 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Avira [2011.08.23 12:55:12 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Babylon [2011.08.20 09:45:40 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Canneverbe Limited [2012.06.26 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\CasaPortale.de [2011.11.23 21:23:11 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\CyberLink [2012.12.09 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\DriverCure [2012.12.10 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Dropbox [2011.11.30 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoft [2011.11.30 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.25 17:34:16 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\FastStone [2011.07.07 23:25:03 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Flood Light Games [2011.07.01 10:25:32 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\FloodLightGames [2011.09.16 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Friday's games [2011.08.23 11:41:34 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\GetRightToGo [2011.06.30 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Identities [2011.06.30 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Intel Corporation [2011.09.24 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Langenscheidt [2011.06.30 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Macromedia [2011.07.06 23:51:45 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\MagicIndie [2012.12.11 00:43:08 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Media Center Programs [2012.10.14 20:38:07 | 000,000,000 | --SD | M] -- C:\Users\Elisabeth\AppData\Roaming\Microsoft [2011.06.30 13:35:12 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Nero [2012.10.14 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Nikon [2011.11.23 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\NVIDIA [2011.11.03 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\OpenOffice.org [2011.07.08 19:46:01 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\PlayFirst [2012.06.23 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Skype [2012.11.05 23:58:33 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SleepTimer [2011.06.30 13:29:55 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SNS [2012.12.09 23:43:47 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SoftGrid Client [2012.12.09 20:00:35 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\SpeedyPC Software [2011.06.30 17:27:00 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\TP [2012.01.14 11:22:26 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Ubisoft [2011.07.26 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\ViquaSoft [2011.09.28 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Vocup [2011.08.12 10:49:20 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.12.04 00:43:44 | 029,428,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.12.04 00:43:56 | 000,202,824 | ---- | M] (Dropbox, Inc.) -- C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe [2012.12.04 00:43:48 | 000,880,672 | ---- | M] (Dropbox, Inc.) -- C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.10.14 20:38:07 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:F53B274A @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:89CF6F9C @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BD34FFC5 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30E0D641 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AC0528D9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:56C66609 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:CB0FEE2B @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:322D2CD3 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:8140CB50 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B9F8237A @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:275AA066 @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:43301D1D @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:70B3C619 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:E32966C0 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:D1713795 < End of report > |
12.12.2012, 13:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ilitili Virus entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.12.2012, 16:02 | #5 |
| Ilitili Virus entfernen Hier kommt das Ergebnis vom AdwCleaner: Code:
ATTFilter # AdwCleaner v2.100 - Datei am 12/12/2012 um 15:59:34 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Elisabeth - ELISABETH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Elisabeth\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files (x86)\facemoods.com Ordner Gefunden : C:\Program Files (x86)\Yontoo Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\BabylonUpdater Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\Elisabeth\AppData\Local\Babylon Ordner Gefunden : C:\Users\Elisabeth\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\Elisabeth\AppData\LocalLow\facemoods.com Ordner Gefunden : C:\Users\Elisabeth\AppData\Roaming\Babylon ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\facemoods.com Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\Software\BabylonToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gefunden : HKLM\Software\facemoods.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer Schlüssel Gefunden : HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [facemoods] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=085a2cfd000000000000d2f8da34f91d -\\ Google Chrome v23.0.1271.95 Datei : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [11530 octets] - [12/12/2012 15:59:34] ########## EOF - C:\AdwCleaner[R1].txt - [11591 octets] ########## |
12.12.2012, 16:44 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ilitili Virus entfernen Versuch bitte alle im adwCleaner-Log erwähnten Einträge (wie zB Babylon) über die Systemsteuerung zu deinstallieren, danach ein neues Suchlog mit dem adwCleaner machen. Reste und was sich nicht deinstallieren lassen will machen wir mit dem adwCleaner weg.
__________________ --> Ilitili Virus entfernen |
12.12.2012, 18:06 | #7 |
| Ilitili Virus entfernen In der Systemsteuerung habe ich nur Yontoo, Babylon und Facemoods finden können, die habe ich dann versucht zu deinstallieren - leider taucht außer Yontoo hier aber immernoch alles auf...scheinbar war ich nicht sehr erfolgreich :-( Code:
ATTFilter # AdwCleaner v2.100 - Datei am 12/12/2012 um 18:03:48 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Elisabeth - ELISABETH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Elisabeth\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\ProgramData\Babylon Ordner Gefunden : C:\ProgramData\BabylonUpdater Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\Elisabeth\AppData\Local\Babylon Ordner Gefunden : C:\Users\Elisabeth\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\Elisabeth\AppData\LocalLow\facemoods.com Ordner Gefunden : C:\Users\Elisabeth\AppData\Roaming\Babylon ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\Software\BabylonToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer Schlüssel Gefunden : HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=085a2cfd000000000000d2f8da34f91d -\\ Google Chrome v23.0.1271.95 Datei : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [11617 octets] - [12/12/2012 15:59:34] AdwCleaner[R2].txt - [3872 octets] - [12/12/2012 18:03:48] ########## EOF - C:\AdwCleaner[R2].txt - [3932 octets] ########## |
13.12.2012, 13:17 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ilitili Virus entfernen adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
13.12.2012, 23:58 | #9 |
| Ilitili Virus entfernen Okay, das ist also das adwcleaner-Ergebnis: Code:
ATTFilter # AdwCleaner v2.100 - Datei am 13/12/2012 um 18:51:17 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Elisabeth - ELISABETH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Elisabeth\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BabylonUpdater Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Elisabeth\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Elisabeth\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Elisabeth\AppData\LocalLow\facemoods.com Ordner Gelöscht : C:\Users\Elisabeth\AppData\Roaming\Babylon ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=085a2cfd000000000000d2f8da34f91d --> hxxp://www.google.com -\\ Google Chrome v23.0.1271.97 Datei : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [11617 octets] - [12/12/2012 15:59:34] AdwCleaner[R2].txt - [3995 octets] - [12/12/2012 18:03:48] AdwCleaner[S2].txt - [3808 octets] - [13/12/2012 18:51:17] ########## EOF - C:\AdwCleaner[S2].txt - [3868 octets] ########## OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.12.2012 18:57:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elisabeth\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 45,83% Memory free 7,71 Gb Paging File | 5,51 Gb Available in Paging File | 71,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 301,07 Gb Free Space | 66,88% Space Free | Partition Type: NTFS Computer Name: ELISABETH-PC | User Name: Elisabeth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E01A8A-9F02-478C-A8D6-32FF346F46F5}" = rport=139 | protocol=6 | dir=out | app=system | "{0FB6CE5E-156D-44FC-9227-9DE1CEB3CBDD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1B6C8241-7F43-46F3-B038-36A2413A7F49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{30151C2C-AC60-4A71-9B70-5FDC9026E6DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{40CE6729-9F47-4A1D-B192-2123C10174FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{71BB1E07-A31C-43A8-AF41-386307418261}" = lport=138 | protocol=17 | dir=in | app=system | "{779DAC40-4865-4FCD-B0F2-8ADE827755FD}" = rport=445 | protocol=6 | dir=out | app=system | "{8DD3B2BF-75F6-4C56-9286-B99C45862754}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{98687B4D-B8CF-4ABA-8840-F9FDB4C50C8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98E13F8E-3E10-4CD6-A900-C03956859C04}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{98FEAC01-32E5-45A9-91E7-39D2BC6A5FDA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA0F1B71-2C7F-4617-B13E-8C792FAF1DFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B00A1423-4CC2-4928-B758-BE8DECF3C884}" = rport=137 | protocol=17 | dir=out | app=system | "{B6498C8B-9FC8-42D3-B8F9-CD1CB335E0DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B9DA819D-ADB8-490A-A457-6CE353D83E6B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D00BD247-5316-43AE-800E-C99FD97CD8D7}" = lport=137 | protocol=17 | dir=in | app=system | "{D143EDCC-5A82-4F0A-ACBF-CEA3FD2DC332}" = lport=10243 | protocol=6 | dir=in | app=system | "{D8367CF4-6DFD-41E6-A33E-03D1076D3406}" = lport=445 | protocol=6 | dir=in | app=system | "{DADED67F-B210-477B-B73F-58C8D6255B17}" = lport=2869 | protocol=6 | dir=in | app=system | "{EB786EA4-83AC-4177-9F73-1869716B9982}" = rport=10243 | protocol=6 | dir=out | app=system | "{EDD10735-11A4-494B-81B5-19CE3B534ED0}" = rport=138 | protocol=17 | dir=out | app=system | "{EEDC290C-2FBE-4B65-8423-FCA71F8987E1}" = lport=139 | protocol=6 | dir=in | app=system | "{F9D3DA7D-DDBD-4B4E-9CAB-7A265AC98D35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{025BC103-BA1E-490C-A199-12991EDE8AE5}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{036946A6-FB6E-46AB-9595-8AE19AD4A2C9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{18B141FE-8779-4C68-A719-FA78DC641974}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{18B36178-CEAB-48C1-BD25-2617834E406F}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | "{2244067C-09CF-4C3C-BF17-ACA26248C612}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2CBE84FD-5596-4C6D-87D5-BA5EA68276DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{34165124-1E22-424A-BFBA-3690A7F622E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3AA52FAF-8494-46A2-AE55-C26BB2AE8A85}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3E904FC9-1556-4BFF-B245-BFBD8EE1E635}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | "{49F60B2F-5CF2-4B21-A49E-700E248EEED1}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{4F84D77B-C26B-4BE2-8174-B3D8659EF03C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{59A05CF8-AD9B-4496-8B69-3840CCDD8E54}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{61B6080A-F367-4806-8C18-14AD0E4D69EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6C03BC4B-76C3-4E87-AA35-256DCA8AC9D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6C38777E-07E0-4EDD-AEF1-57AC9D82AF85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6F76AE54-0710-4664-93CD-3D28CE5FBCF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{77A0C017-9E28-4F9C-A400-CC1FCE781440}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7C9D6C4B-BA95-454E-9119-4C29D28027FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{833AE88C-60D4-46C4-93D4-6F1F589D5180}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{83BEAF67-C479-4F17-B000-8D2C9348C877}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84ABF355-3B05-4BA2-98D5-FBF1C32C13D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D652AC8-AE1C-4344-B310-69C859AC1504}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{92FDB4D5-CB50-4F24-AFC6-9AEF1BC4A348}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | "{9C599FD4-A0AD-437D-AD9E-95A58A4D318C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{A30418E6-A820-43E9-88C8-1E5FA79BD7FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A77E57F7-8838-4CD9-A5CA-0382DF89ED3E}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | "{B398B190-60C8-482E-9CD2-E4DC2260F923}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4C36B66-7142-43E1-A3E6-A7C3CCB64CAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B8C091E8-9427-40AD-8F93-709328F7FA84}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{C6DC79EE-5747-45EE-9184-4229552BCE3E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C79F816F-3AA7-4040-B303-AEE75018C59C}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | "{C82F1142-8374-4F4E-BC38-580F2295E651}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{C8652F9A-0ED6-4945-9A66-0ECA9B7C79BC}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | "{D0296F32-F29A-4A03-99E1-D63CD57BDB5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D50B6E27-C8EF-4FB4-BAE9-0A40C6722C18}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D7FAD86E-7108-46EF-B1E9-D15D51E0DF2C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D9CAF423-278F-48F7-9C24-30FD49B4908A}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | "{DC6345FA-937D-4051-8836-AA20229D373F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DCA6B698-EB14-4A8F-8A60-25FACBA92968}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe | "{EBDE298E-83D1-43A1-AEF6-EFCF10D8597A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F570E882-DB9C-45EB-B03C-1890F77ACAF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F5A025DB-A829-45E7-95E1-7FDF002E32F3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{F75B9A4D-9B64-40A0-A13E-0A50C23E242D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FFE13B6C-29FB-42CC-8F98-33636AA019EA}" = protocol=6 | dir=out | app=system | "TCP Query User{0B26D625-411F-437A-B5FB-3207F5985B23}C:\users\elisabeth\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\elisabeth\desktop\blobby\volley.exe | "TCP Query User{1E474FB2-DE91-4FC2-ADDD-5CDD0E9FBBA5}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{3E7470AE-F512-43A2-B3AB-AC13BD050904}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{4DD43523-BFA9-49B1-999D-E5D178139AC5}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "TCP Query User{550230FF-9F18-409A-8F67-F80998E419C0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{7976343F-CB1A-42FC-85BA-60F5E9ABB5F1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{B0802A93-7E2F-41D1-ADAB-FA05DBEDE064}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{CAA45C83-2938-46AB-9E51-982CE42187D2}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{239D2862-DD1F-4057-923B-896F5D44A6A1}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{27A4993E-1A7A-42E5-83A9-DEF9D5850756}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{3F230D1E-69AE-4FFB-B1AB-F4AB700783F5}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "UDP Query User{7D43CEA5-8DE2-4430-AC87-EDE261E40B88}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{90C94235-A5CF-4930-A316-58EEAB7A622F}C:\users\elisabeth\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\elisabeth\desktop\blobby\volley.exe | "UDP Query User{95F6C852-089E-4D38-BBFF-B51F05D7012C}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{9B519CC3-FA3D-492D-996D-65549E8C0134}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{C0D81635-2239-4CC3-95A5-8BB42C68AD74}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{A9C5381E-F415-4EDC-95A2-9164218FEA8A}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{565b3069-c661-4bb2-a17b-902092bd6940}" = Nero 9 Essentials "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games) "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Diablo III" = Diablo III "EPSON Scanner" = EPSON Scan "FastStone Image Viewer" = FastStone Image Viewer 4.6 "Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123 "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Welcome Center" = Welcome Center "PosteRazor_is1" = PosteRazor "Poster-Designer 1" = Poster-Designer 1 "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WT088216" = Agatha Christie - Death on the Nile "WT088226" = Bejeweled 2 Deluxe "WT088228" = Build-a-lot 2 "WT088235" = Chuzzle Deluxe "WT088238" = Diner Dash 2 Restaurant Rescue "WT088260" = Farm Frenzy "WT088268" = Insaniquarium Deluxe "WT088269" = Jewel Quest Solitaire 2 "WT088283" = Plants vs. Zombies "WT088416" = FATE "WT088420" = Final Drive Nitro "WT088448" = John Deere Drive Green "WT088452" = Penguins! "WT088456" = Polar Bowler "WT088460" = Polar Golfer "WT088508" = Virtual Villagers 4 - The Tree of Life "WT088531" = Zuma's Revenge ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2072344728-4250614371-3649223325-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.10.2012 16:48:58 | Computer Name = Elisabeth-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 16:48:58 | Computer Name = Elisabeth-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1201 Error - 10.10.2012 16:48:58 | Computer Name = Elisabeth-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1201 Error - 10.10.2012 16:48:59 | Computer Name = Elisabeth-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 16:48:59 | Computer Name = Elisabeth-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2355 Error - 10.10.2012 16:48:59 | Computer Name = Elisabeth-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2355 Error - 14.10.2012 18:01:46 | Computer Name = Elisabeth-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 15.10.2012 18:32:28 | Computer Name = Elisabeth-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 17.10.2012 17:17:06 | Computer Name = Elisabeth-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.2.0, Zeitstempel: 0x50369de7 Name des fehlerhaften Moduls: libgobject-2.0-0.dll, Version: 2.32.3.0, Zeitstempel: 0x4ff58551 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000024ef3 ID des fehlerhaften Prozesses: 0xe84 Startzeit der fehlerhaften Anwendung: 0x01cdaca54fc58597 Pfad der fehlerhaften Anwendung: C:\Program Files\GIMP 2\bin\gimp-2.8.exe Pfad des fehlerhaften Moduls: C:\Program Files\GIMP 2\bin\libgobject-2.0-0.dll Berichtskennung: 00349d52-18a0-11e2-94ac-1c7508e0b8fe Error - 18.10.2012 13:22:42 | Computer Name = Elisabeth-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 23.02.2012 15:32:40 | Computer Name = Elisabeth-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 23.02.2012 15:32:41 | Computer Name = Elisabeth-PC | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error - 23.02.2012 15:32:42 | Computer Name = Elisabeth-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 23.02.2012 15:32:54 | Computer Name = Elisabeth-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Defender" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 26.02.2012 15:53:08 | Computer Name = Elisabeth-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?02.?2012 um 23:46:58 unerwartet heruntergefahren. Error - 26.02.2012 16:02:11 | Computer Name = Elisabeth-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073712 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2570947) Error - 28.02.2012 14:21:09 | Computer Name = Elisabeth-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073712 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2570947) Error - 02.03.2012 15:26:05 | Computer Name = Elisabeth-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 25.03.2012 13:01:46 | Computer Name = Elisabeth-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?03.?2012 um 08:41:59 unerwartet heruntergefahren. Error - 04.04.2012 02:33:43 | Computer Name = Elisabeth-PC | Source = Application Popup | ID = 262200 Description = Treiber USB hat eine ungültige ID für das untergeordnete Gerät (0F0D6BCC) zurückgegeben. < End of report > [/code] OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.12.2012 18:57:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elisabeth\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 45,83% Memory free 7,71 Gb Paging File | 5,51 Gb Available in Paging File | 71,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 301,07 Gb Free Space | 66,88% Space Free | Partition Type: NTFS Computer Name: ELISABETH-PC | User Name: Elisabeth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Elisabeth\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll () MOD - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5ad9f29f560bb09eafc09645159da38\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3bd31aaa7f3af438f4a46f2548fef115\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll () ========== Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation) DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation) DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Google Mail = C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1001..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe () O4 - Startup: C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elisabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Elisabeth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85CE4374-9874-46A3-9703-EDD8332A533B}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.12.09 20:03:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1e9368e9-a980-11e0-8809-c0f8da34f91d}\Shell - "" = AutoRun O33 - MountPoints2\{1e9368e9-a980-11e0-8809-c0f8da34f91d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.13 18:35:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 18:35:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 18:35:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 18:35:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 18:35:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 18:35:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 18:35:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 18:35:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 18:35:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 18:35:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 18:35:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 18:35:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 18:35:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 18:35:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 18:35:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 21:09:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.12 21:09:40 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.12 21:09:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.12 21:09:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 21:09:31 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 21:09:29 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 21:09:29 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 21:09:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 21:09:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 21:09:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 21:09:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 21:09:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 21:09:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 21:09:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 21:09:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 21:09:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:09:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 21:09:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:09:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:09:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:09:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:09:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:09:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:09:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:09:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:09:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:09:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:09:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:09:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:09:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:09:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:09:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:09:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:09:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:09:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:09:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 21:09:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 21:09:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.11 23:23:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elisabeth\Desktop\OTL.exe [2012.12.11 00:43:08 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Malwarebytes [2012.12.11 00:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.11 00:42:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.11 00:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.11 00:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.10 20:56:24 | 000,712,552 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMB011.dll [2012.12.10 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.12.10 20:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.12.10 20:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.12.10 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.12.10 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Local\HP [2012.12.09 22:46:02 | 000,000,000 | R--D | C] -- C:\Users\Elisabeth\Dropbox [2012.12.09 22:44:56 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.12.09 22:43:52 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Dropbox [2012.12.09 20:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.12.09 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.12.09 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\SpeedyPC Software [2012.12.09 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\DriverCure [2012.12.09 20:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software [2012.12.09 20:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.12.05 17:47:00 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMEDE.DLL [2012.12.05 17:46:59 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBEDE.DLL [2012.12.05 17:46:59 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL [2012.12.05 17:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.12.05 17:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.12.05 17:35:53 | 000,083,968 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll [2012.12.05 17:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.12.05 17:30:57 | 000,000,000 | R--D | C] -- C:\Users\Elisabeth\Documents\Scanned Documents [2012.12.05 17:30:56 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\Documents\Fax [2012.11.16 03:07:26 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.16 03:07:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.16 03:01:26 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.16 03:01:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.16 03:01:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.16 03:01:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.15 17:01:35 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 17:01:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.13 19:01:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 19:01:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 18:54:43 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.13 18:54:39 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.12.13 18:54:16 | 000,318,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.13 18:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.13 18:53:00 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 18:33:36 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072344728-4250614371-3649223325-1001UA.job [2012.12.13 18:33:36 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.13 18:33:36 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.12.12 23:31:53 | 000,002,523 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Google Chrome.lnk [2012.12.12 22:29:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072344728-4250614371-3649223325-1001Core.job [2012.12.12 21:58:33 | 000,003,448 | ---- | M] () -- C:\Users\Elisabeth\AppData\Local\recently-used.xbel [2012.12.12 15:59:28 | 000,545,819 | ---- | M] () -- C:\Users\Elisabeth\Desktop\adwcleaner.exe [2012.12.12 13:26:39 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.12.11 23:23:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elisabeth\Desktop\OTL.exe [2012.12.10 20:54:53 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2012.12.09 23:46:21 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.12.09 22:46:02 | 000,001,059 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Dropbox.lnk [2012.12.09 22:45:04 | 000,001,069 | ---- | M] () -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.09 22:44:01 | 000,002,418 | ---- | M] () -- C:\Windows\wininit.ini [2012.12.09 20:03:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.12.09 17:33:10 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.09 17:33:10 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.09 17:33:10 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.09 17:33:10 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.09 17:33:10 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.05 17:35:54 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.11.28 15:09:49 | 000,228,860 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Das gemeindliche Selbstverwaltungsrecht gemäß Art. 28 Abs. 2 Satz 1 GG als Priva....pdf [2012.11.28 15:06:22 | 000,241,517 | ---- | M] () -- C:\Users\Elisabeth\Desktop\Die verfassungsrechtliche Garantie der kommunalen Selbstverwaltung.pdf [2012.11.16 17:43:41 | 000,410,745 | ---- | M] () -- C:\Users\Elisabeth\Desktop\studbesch_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 17:43:27 | 000,416,817 | ---- | M] () -- C:\Users\Elisabeth\Desktop\stammdaten_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.15 17:53:48 | 007,663,932 | ---- | M] () -- C:\Users\Elisabeth\Desktop\DSC_0670.JPG [2012.11.14 07:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.14 07:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.14 07:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.14 06:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.14 06:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.14 06:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.14 06:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.14 06:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.14 06:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.14 02:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.14 02:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.12 21:58:33 | 000,003,448 | ---- | C] () -- C:\Users\Elisabeth\AppData\Local\recently-used.xbel [2012.12.12 15:59:22 | 000,545,819 | ---- | C] () -- C:\Users\Elisabeth\Desktop\adwcleaner.exe [2012.12.10 20:54:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.12.09 22:46:02 | 000,001,059 | ---- | C] () -- C:\Users\Elisabeth\Desktop\Dropbox.lnk [2012.12.09 22:45:04 | 000,001,069 | ---- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.09 20:03:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.12.09 20:00:39 | 000,000,500 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job [2012.12.09 20:00:26 | 000,000,524 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job [2012.12.09 20:00:26 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job [2012.12.09 20:00:25 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job [2012.12.05 17:35:54 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.11.28 15:09:47 | 000,228,860 | ---- | C] () -- C:\Users\Elisabeth\Desktop\Das gemeindliche Selbstverwaltungsrecht gemäß Art. 28 Abs. 2 Satz 1 GG als Priva....pdf [2012.11.28 15:06:19 | 000,241,517 | ---- | C] () -- C:\Users\Elisabeth\Desktop\Die verfassungsrechtliche Garantie der kommunalen Selbstverwaltung.pdf [2012.11.16 17:43:38 | 000,410,745 | ---- | C] () -- C:\Users\Elisabeth\Desktop\studbesch_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 17:43:25 | 000,416,817 | ---- | C] () -- C:\Users\Elisabeth\Desktop\stammdaten_730A093CD45BB7D44430E479EAB53237.pdf [2012.11.16 03:07:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 03:01:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 17:53:46 | 007,663,932 | ---- | C] () -- C:\Users\Elisabeth\Desktop\DSC_0670.JPG [2012.10.14 21:06:41 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Kernel Extension [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Jazz [2012.10.14 20:37:10 | 000,000,268 | RH-- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Iterate Items [2012.10.14 20:37:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.10.14 20:37:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jingles [2012.10.14 20:37:09 | 000,000,268 | RH-- | C] () -- C:\Users\Elisabeth\AppData\Roaming\Internet Services [2012.10.14 20:37:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.10.14 20:37:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.06.26 16:42:44 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.09.03 14:56:22 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.07.06 22:46:14 | 000,002,418 | ---- | C] () -- C:\Windows\wininit.ini [2011.06.30 17:26:04 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.31 14:26:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.03.31 14:26:59 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.03.31 14:26:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:F53B274A @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:89CF6F9C @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BD34FFC5 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30E0D641 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AC0528D9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:56C66609 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:CB0FEE2B @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:322D2CD3 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:8140CB50 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B9F8237A @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:275AA066 @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:43301D1D @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:70B3C619 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:E32966C0 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:D1713795 < End of report > [/code] |
14.12.2012, 10:27 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ilitili Virus entfernenFixen mit OTL
Code:
ATTFilter :OTL O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2072344728-4250614371-3649223325-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:F53B274A @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:89CF6F9C @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BD34FFC5 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30E0D641 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AC0528D9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:56C66609 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:CB0FEE2B @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:322D2CD3 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:8140CB50 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B9F8237A @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:275AA066 @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:43301D1D @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:70B3C619 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:E32966C0 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:D1713795 :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Ilitili Virus entfernen |
abgebrochen, andere, anderen, bereits, dankbar, einiger, entferne, entfernen, gefunde, häufig, ilitili, inter, interne, internet, lösung, pop-up, rechte, rechten, schuld, seite, thread, unteren, virus, virus entfernen, werbebanner, wirklich, öffnen, öffnet |