
Pests of all kinds and how to fight them: GVU Trojan / Trojan.Ransom.SUGen


 
19.12.2012, 15:16   #1
jorgaeff

GVU Trojan / Trojan.Ransom.SUGen



I caught this Trojan and I'm slowly running out of ideas for what else I can do to remove it.

As soon as the Internet connection is established, the "GVU" "asks" me to quickly transfer another 100 € before Christmas. I have Windows 7 (64-bit) and am always logged in with a limited account.

I did find a way to get rid of the screen temporarily, but I can't manage a complete cleanup and would be very grateful for help.

This is how I got rid of the screen:
- start Windows (unplug the Fritz stick beforehand)
- open and edit any document, e.g. in Word (do NOT save)
- plug the Fritz stick in => the connection comes up => lock screen active
- CTRL + ALT + Delete => restart the PC
- when the message appears that documents are still open: cancel the restart
- voilà: the lock screen is gone and you can get back on the net

But back to the topic: what have I done so far?
- I don't have a restore point (which actually surprises me; can the Trojan destroy restore points?); only a 3-month-old system image (but then I might as well reinstall)

- Unlocked the computer with the Kaspersky Windows Unlocker
The log file says that all users were unlocked and, in addition, that there is a suspicious modification in userinit.exe (which is also unlocked). However, that has no effect; the Trojan is still active.

- In addition, a thorough scan of all drives with the Kaspersky Rescue Disk (ran for over 8 hours), but the program doesn't find anything that would be a case for quarantine either.

- Then found this forum and ran a quick scan with MBAM: the Trojan "Trojan.Ransom.SUGen" is found => quarantine. After a restart and another scan the Trojan is back again. Even when I scanned and removed the Trojan without Internet, it is immediately back as soon as I go online. According to MBAM, the same file is infected again.

Log file:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.18.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Florian_2 :: HOSCHIMEDES [limited]

19.12.2012 13:12:28
mbam-log-2012-12-19 (13-12-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197358
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)


- I downloaded AdwCleaner via the link in the forum, but my virus scanner (AVG Free) kicks in. I haven't run it.

- I ran defogger

- I ran OTL and scanned

OTL.txt:
OTL logfile created on: 19.12.2012 14:46:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian_2\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,05% Memory free
7,99 Gb Paging File | 5,45 Gb Available in Paging File | 68,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,87 Gb Total Space | 2,40 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive F: | 48,78 Gb Total Space | 34,02 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 20,32 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive H: | 24,41 Gb Total Space | 24,32 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 1,13 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
Drive J: | 97,65 Gb Total Space | 59,14 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive K: | 97,65 Gb Total Space | 1,69 Gb Free Space | 1,73% Space Free | Partition Type: NTFS
Drive L: | 97,65 Gb Total Space | 44,69 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 12,64 Gb Free Space | 12,94% Space Free | Partition Type: NTFS
Drive N: | 195,32 Gb Total Space | 26,11 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive O: | 48,82 Gb Total Space | 28,22 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
Drive P: | 101,35 Gb Total Space | 10,89 Gb Free Space | 10,75% Space Free | Partition Type: NTFS

Computer Name: HOSCHIMEDES | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.19 13:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Florian_2\Downloads\OTL.exe
PRC - [2012.12.12 21:24:26 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.09.02 08:11:23 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.07.14 01:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- F:\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 16:23:45 | 000,663,360 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe
PRC - [2012.05.24 16:23:43 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2010.06.13 23:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.16 17:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- F:\Motherboard\ASUS EPU\EPU.exe
PRC - [2010.01.22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- F:\Motherboard\USB 3.0\Application\nusb3mon.exe
PRC - [2009.09.28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.07.07 12:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- F:\Motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.03.30 15:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.11.23 14:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- F:\Power DVD 7\PDVDServ.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.12 21:24:26 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.07.14 01:14:07 | 002,003,424 | ---- | M] () -- F:\Mozilla Firefox\mozjs.dll
MOD - [2012.05.24 16:23:45 | 000,663,360 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe
MOD - [2010.08.05 00:25:25 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.08 16:17:24 | 000,565,248 | ---- | M] () -- F:\Motherboard\ASUS EPU\pngio.dll
MOD - [2010.01.08 16:17:24 | 000,053,248 | ---- | M] () -- F:\Motherboard\ASUS EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.30 13:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.04.22 19:20:00 | 000,179,712 | ---- | M] () -- F:\Motherboard\ASUS EPU\AsusService.dll
MOD - [2009.03.30 15:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 21:24:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.24 16:23:43 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.29 23:34:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.29 23:33:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.13 23:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.09.05 01:09:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- F:\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- P:\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 14:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.01.18 14:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.12.12 10:07:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.10.25 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.25 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.03.17 04:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.03.10 02:48:28 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.01.22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 09:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.01 13:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009.07.31 04:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.07.09 13:21:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
DRV:64bit: - [2007.09.11 14:20:00 | 000,132,096 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EC168x64.sys -- (EC168x64)
DRV - [2011.12.26 15:42:51 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- F:\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=17-09-2011&tb_mrud=17-09-2011


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 23 D6 6D 1C 34 CB 01 [binary data]
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C EF 96 67 20 5C CB 01 [binary data]
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes,DefaultScope = {1D06B7FE-D65C-480E-9A40-6E850A29CDF5}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{1D06B7FE-D65C-480E-9A40-6E850A29CDF5}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{7C621DE1-34F6-48D4-8ECF-F1E06D420016}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 44 F4 52 C4 51 CB 01 [binary data]
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes,DefaultScope = {24F5310B-2853-4C63-9FD9-865FB8CA8A82}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{19F3FB9C-FE16-4847-8361-0E5645D6E6F8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{24F5310B-2853-4C63-9FD9-865FB8CA8A82}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\SearchScopes\{F29BAA3C-3E71-4429-82AC-F551A4EE31D8}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=de&nt=1
IE - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20110917200133237&tb_oid=28-10-2011&tb_mrud=28-10-2011&query="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: F:\Mozilla Firefox\components [2012.07.22 11:24:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: F:\Mozilla Firefox\plugins [2012.08.17 07:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: F:\Mozilla Thunderbird\components [2012.10.13 01:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: F:\Mozilla Thunderbird\plugins

[2011.10.04 14:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2010.08.04 23:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.09 22:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\yi1dja40.default\extensions
[2010.08.25 00:54:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\yi1dja40.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.28 23:15:09 | 000,002,354 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\yi1dja40.default\searchplugins\aol-web-search.xml
[2011.07.09 22:17:49 | 000,002,501 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\yi1dja40.default\searchplugins\SearchResults.xml
File not found (No name found) -- F:\AVG VIRENSCANNER\FIREFOX\DONOTTRACK
[2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2011.10.04 13:15:59 | 000,437,695 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15052 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\AVG Virenscanner\avgssiea.dll File not found
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\AVG Virenscanner\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LanguageShortcut] F:\Power DVD 7\Language\Language.exe ()
O4 - HKLM..\Run: [NUSB3MON] F:\Motherboard\USB 3.0\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl] F:\Power DVD 7\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Six Engine] F:\Motherboard\ASUS EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] F:\Motherboard\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [EA Core] I:\Fussball Manager 10\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [flatster Recorder] F:\flatster Recorder\flatster Recorder.exe File not found
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1000..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1001..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk = C:\Program Files (x86)\Common Files\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Florian_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ACF8334-BC7C-4872-AEEB-37010EFE9435}: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55221738-EDAE-42FD-8A5C-E1D33C9EFE5C}: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE815495-85DC-4519-9584-C47BCE7795BD}: DhcpNameServer = 83.169.184.161 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\AVG Virenscanner\avgppa.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\AVG Virenscanner\avgpp.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9e8b7c32-a03b-11df-a765-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9e8b7c32-a03b-11df-a765-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{e1048f9a-a156-11df-9aaa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e1048f9a-a156-11df-9aaa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.19 13:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.19 13:51:54 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.12.19 13:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.19 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Programs
[2012.12.19 03:27:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2012.12.19 03:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.19 03:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.19 03:27:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.19 03:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.19 03:15:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.12.13 03:46:17 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.12.13 00:10:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\AVG2013
[2012.12.13 00:07:37 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2012.12.13 00:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.13 00:04:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\MFAData
[2012.12.13 00:04:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Avg2013
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Florian\AppData\Local\*.tmp files -> C:\Users\Florian\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.19 14:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.19 13:51:58 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.19 13:27:56 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable
[2012.12.19 13:12:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 13:12:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 13:10:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.19 13:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 13:03:07 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.19 03:27:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 02:11:46 | 000,001,153 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk
[2012.12.17 17:03:00 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 17:03:00 | 000,666,658 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 17:03:00 | 000,625,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 17:03:00 | 000,135,586 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 17:03:00 | 000,111,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 17:00:41 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.12.17 17:00:41 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.12.13 03:21:14 | 000,343,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.13 00:07:38 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Florian\AppData\Local\*.tmp files -> C:\Users\Florian\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.19 13:51:58 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.19 13:51:58 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.19 13:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable
[2012.12.19 03:27:11 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.19 02:11:46 | 000,001,153 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOM.lnk
[2012.12.19 01:01:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.13 00:07:38 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.01 13:17:07 | 011,624,448 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Sandra.mdb
[2011.10.09 23:00:47 | 000,000,095 | ---- | C] () -- C:\Users\Florian\AppData\Local\fusioncache.dat
[2011.10.09 22:59:16 | 001,557,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.18 15:25:40 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.05.23 21:30:46 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2011.05.09 20:35:32 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.09 20:35:32 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.02.19 00:45:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.02.03 15:52:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.02.03 15:47:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.02.03 15:45:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.10 20:20:10 | 000,011,205 | ---- | C] () -- C:\Users\Florian\firefox-2010-11-10

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.13 15:54:47 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\AVG2013
[2011.11.12 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Canon
[2011.10.10 20:58:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DVDVideoSoft
[2011.02.02 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\FileZilla
[2011.02.15 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\MAGIX
[2010.08.12 11:19:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org
[2010.08.13 15:21:38 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Thunderbird
[2012.12.13 00:10:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\AVG2013
[2012.02.23 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canon
[2010.08.06 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CDZilla
[2012.09.17 00:22:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DVDVideoSoft
[2011.04.02 00:36:24 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.01 12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileZilla
[2011.02.03 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\MAGIX
[2010.08.14 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org
[2011.01.26 15:34:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\REAPER
[2010.08.14 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird
[2012.12.13 00:07:37 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software
[2011.05.28 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\UDC Profiles
[2012.12.13 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\AVG2013
[2011.07.31 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\BayWotch4
[2011.01.21 13:58:08 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Canon
[2010.08.06 12:16:16 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\CDZilla
[2010.09.22 23:28:11 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.09.17 00:22:46 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\DVDVideoSoft
[2012.12.17 11:56:39 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\FileZilla
[2011.04.14 00:17:53 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Kalypso Media
[2011.08.08 12:06:06 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Kummert Inspektionssysteme
[2012.11.10 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Lionhead Studios
[2011.02.03 16:01:48 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\MAGIX
[2011.10.19 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\MudTV
[2011.05.09 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\My Games
[2010.08.05 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\OpenOffice.org
[2010.08.16 10:42:54 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Opera
[2010.08.14 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Thunderbird
[2010.11.08 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Florian_2\AppData\Roaming\Tropico 3 Demo

========== Purity Check ==========



< End of report >

extras.txt:

OTL Extras logfile created on: 19.12.2012 14:46:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian_2\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,05% Memory free
7,99 Gb Paging File | 5,45 Gb Available in Paging File | 68,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,87 Gb Total Space | 2,40 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
Drive F: | 48,78 Gb Total Space | 34,02 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 20,32 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive H: | 24,41 Gb Total Space | 24,32 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive I: | 48,83 Gb Total Space | 1,13 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
Drive J: | 97,65 Gb Total Space | 59,14 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive K: | 97,65 Gb Total Space | 1,69 Gb Free Space | 1,73% Space Free | Partition Type: NTFS
Drive L: | 97,65 Gb Total Space | 44,69 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive M: | 97,65 Gb Total Space | 12,64 Gb Free Space | 12,94% Space Free | Partition Type: NTFS
Drive N: | 195,32 Gb Total Space | 26,11 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive O: | 48,82 Gb Total Space | 28,22 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
Drive P: | 101,35 Gb Total Space | 10,89 Gb Free Space | 10,75% Space Free | Partition Type: NTFS

Computer Name: HOSCHIMEDES | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "F:\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Media-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0339D1FA-C0F8-452D-BE87-5658CAEC2817}" = lport=59070 | protocol=6 | dir=in | name=pando media booster |
"{08640131-AB6F-49EA-90F9-32F1CAAA402D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09E13297-EC9E-4BAF-A11E-AF53581694D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B12C8C5-2E4A-4188-8E19-44D1DEF3741A}" = lport=rpc | protocol=6 | dir=in | app=f:\sisoftware sandra lite 2012.sp5c\wnt500x64\rpcsandrasrv.exe |
"{0F46B913-14E3-4684-AA84-EFB23F37F003}" = lport=137 | protocol=17 | dir=in | app=system |
"{12610BA7-8889-469A-B2BA-E68909EC0C26}" = lport=rpc | protocol=6 | dir=in | app=f:\sisoftware sandra lite 2012.sp5c\rpcagentsrv.exe |
"{1A1625E2-FEF6-4683-8794-DB11DCBDBEA6}" = lport=138 | protocol=17 | dir=in | app=system |
"{2369A42B-90D4-493D-AEFE-911C85C191C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28D52104-E55C-4D83-91E3-FDDF626C3B68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39C59B98-1DC5-4878-B49E-8855944F99EB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4826B081-F841-4D4E-93F8-31418B0B805A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C25AE7F-0E02-4966-B328-C3B8F54A0002}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52670C30-DB10-4434-9990-50A73AF01F5A}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F35CD3A-BCD9-4541-8861-2FEF729FCA39}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BB2B87B-8148-4DEF-A616-2F51D7CEE44F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6DFC9F3E-2C1F-483D-9391-6E719D1DE379}" = lport=59070 | protocol=6 | dir=in | name=pando media booster |
"{9776E23A-3F99-4FE3-BC22-3086D5956590}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99035FCC-4CB8-48FC-A84D-76EF1BB92F14}" = lport=59070 | protocol=17 | dir=in | name=pando media booster |
"{99D48BAF-BB84-4F1C-974B-435808014A6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9EAB74F7-E4AC-474E-AE76-278D70CBEC30}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF53DB61-166F-4B63-B47B-48EC9C8A8EF7}" = lport=rpc | protocol=6 | dir=in | app=f:\sisoftware sandra lite 2011.sp5\wnt500x64\rpcsandrasrv.exe |
"{B6FBABC1-94D8-4674-A369-389D15758F24}" = lport=59070 | protocol=17 | dir=in | name=pando media booster |
"{B875FEF0-EEB9-4DF1-951B-74DBED9E27E4}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8ADC835-4ABC-45FB-AFFE-9C1A364DB18A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C03FAC8A-E7A9-46E7-8E4E-B28666628BBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C800E41E-D9F7-4BC3-A249-E12E76A3F81C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CCF2B91A-982F-4874-9052-0E1563BD0458}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFC96469-72E4-4AEC-95A4-377DEFDCE009}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1C209D7-8980-4B27-A29A-DD3E05C1BF82}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3F0FB03-D1A7-4DBB-B317-B3F21544773B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0339729D-EFB0-4264-A87C-3B3B222253BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CA3C3D3-AE90-4169-BB7A-26BC86475B8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1693CBA3-B2B4-4459-B87B-28630021A892}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1A989884-779A-4209-B402-B8B14AFB46AA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20F469C4-2293-4F67-87D7-B1D4652A4D7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3521137A-F330-4042-895D-270F53D59995}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{382C9661-0022-456B-9F30-D9DD2A614445}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{56454C06-739B-4DF3-9E10-7C65A513CB66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56A8C587-9F5A-4CBF-9620-8A530A2357B2}" = protocol=6 | dir=in | app=f:\avg virenscanner\avgmfapx.exe |
"{585F64B5-2702-4C98-A459-2F88841FFA53}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{591BFC36-9BCF-49AB-8AC6-64E67A8BCBB9}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{5964F3DD-6DE9-4A80-9BEA-4E1DA90D9A86}" = protocol=6 | dir=out | app=system |
"{5D58B510-09CB-47EA-9DD4-5A732732BCB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{601403DB-70C8-4641-BFBE-1E29C199FDA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6261302D-68AF-49C9-9A6D-BD1C5B74E6C2}" = protocol=6 | dir=in | app=f:\opera\opera.exe |
"{651A5ECB-162C-4ECE-8DC5-91301ACF8C3C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{667622A2-05E2-4039-ABFC-B80CFF20123A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{753946BC-AFFC-4A65-A26C-D5BF835C6B45}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{77973D99-818C-42EE-BE58-CFA608F51705}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{816FC1B7-83B8-48E5-9B5A-D85DA3F0B8C7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82C21768-E7C6-4D87-90E4-E4B3552B1A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84A5E6EE-BEA4-4D0B-8E58-5D91BA77754C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{8F7B9474-133A-4D3E-B499-DD379F95AA48}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9152FA62-4289-4D09-9669-D972A35EB939}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{94C04C0F-A840-4C69-B78B-105540D5DB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{980FC9C9-3E15-4BD3-A69C-AAA111712A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{991DDB31-3F11-4F1C-B49A-25748AF4B40F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{9AC87C90-7FEC-41A8-8D83-5C1041C6C209}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{A6C33221-1EB6-47B7-A2BF-50EC25F138A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A77D6C80-AEF3-4B2C-BCEE-44BF79BBC0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{B02980D9-A5BE-4014-9487-4B0204BB453E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBDED519-491D-4944-9421-D3CD1C59E7B5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEE06E38-D088-4716-AD7D-306E403A8BE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{BF81113B-2D16-485F-BB37-87E5C36513FE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{C39D5BD7-D60A-4635-9198-72AAB1D3A3FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6E7DB6C-B964-4AEB-AE80-6E09D252D44F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC6CA898-7364-4B8D-9D89-9E33EDB47FD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCAA45A9-8C0B-4406-96B3-ADF78471133B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8A8691B-ABD7-4530-96E9-5A70D6DFD819}" = protocol=17 | dir=in | app=f:\opera\opera.exe |
"{D8DEAD40-F39F-4A24-AE96-DB3338D5A075}" = protocol=6 | dir=in | app=c:\users\florian\appdata\local\temp\dsoclient\dlcache\app.n3app |
"{DB0C7711-D37E-4AFF-A88A-E85EEBCFF334}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{DC1DAE65-9E8D-4CFE-A869-83453A90768B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E4296371-D727-4324-BC6B-9CD0179B7FC4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{E458BE0A-9A48-409D-BF3F-322C10C957AF}" = protocol=17 | dir=in | app=f:\avg virenscanner\avgmfapx.exe |
"{E722690C-C102-4DEB-9B93-5DB6E0970417}" = protocol=17 | dir=in | app=c:\users\florian\appdata\local\temp\dsoclient\dlcache\app.n3app |
"{E88A429F-FA5D-43B7-B535-07966D705C11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F0C39CF5-9FE7-453A-B611-9BEF41B49828}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F1E8908A-96BC-4872-B8B7-05859A140AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F4027133-A2FF-41CC-BD08-D4CC1233ABFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5260E63-0DC5-45E0-98D7-CF6206D762F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FB667A48-B74B-42D3-9998-0D942D3EA56F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB977B33-D7E7-4A03-9963-4617136C8C99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{FCE0AFF0-10B3-489A-8111-0990CA784D05}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{FE524118-4096-48BD-982B-A61A830ECD50}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"TCP Query User{005E40B7-3C01-4012-8C66-B3050F7813EF}I:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=i:\anno 1701\anno1701.exe |
"TCP Query User{018C7A0C-781F-4624-AF41-EE07A85B9035}F:\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\winamp\winamp.exe |
"TCP Query User{035E5FE8-ECA4-4782-89D1-5694B711BD16}I:\herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=i:\herr der ringe online\lotroclient.exe |
"TCP Query User{08697313-CDD8-42BC-802F-62CAB33A210A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4A60202E-9165-4746-8BC4-6390BE9FF241}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6C866550-1B5C-46EC-B9BD-8CD4F18AE773}F:\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\winamp\winamp.exe |
"TCP Query User{912645AF-6AC7-4632-91A7-DC95004E02C7}I:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"TCP Query User{9676E4A9-C17D-4B97-8481-91A5C1642E20}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{A0CFF612-CCD4-4B69-A76A-58E7C019F92B}I:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=i:\anno 1701\anno1701.exe |
"TCP Query User{B00FBD0D-B294-4E93-B94B-A024E098BB2A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{B5EEFDC8-C5CB-437C-BAFE-11E727D67651}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=6 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"TCP Query User{C598187A-F930-474F-AAB4-826F7362DF75}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D4C3128A-3372-4399-BB8E-8771B7D8FA3D}I:\spellforce 2\spellforce2.exe" = protocol=6 | dir=in | app=i:\spellforce 2\spellforce2.exe |
"TCP Query User{D637096A-2BD1-4CB1-9897-64D2FE5FFCD4}I:\fussball manager 10\eadm\core.exe" = protocol=6 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"TCP Query User{D8985EC2-C41B-4801-B9FF-E9C38CE34517}F:\opera\opera.exe" = protocol=6 | dir=in | app=f:\opera\opera.exe |
"TCP Query User{EB96A6A3-0E61-4BB8-9AD3-7AD71EF32FAD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FA626FB7-5B8F-4B12-9CD6-8FD4F6582E51}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=6 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"UDP Query User{0DE173D3-F7B5-4A5F-9B2D-509F34263ADF}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=17 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"UDP Query User{2D90BEAC-B907-4299-8701-37E1D64EFAF9}F:\opera\opera.exe" = protocol=17 | dir=in | app=f:\opera\opera.exe |
"UDP Query User{339C96D9-48AE-442A-808D-F2F081FEF0A1}I:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"UDP Query User{3DD54E97-B6EF-4AE9-94FE-3EB60DBD5075}I:\spellforce 2\spellforce2.exe" = protocol=17 | dir=in | app=i:\spellforce 2\spellforce2.exe |
"UDP Query User{46AC432C-D419-4B2D-8C5D-05DC1B2443B9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4C7AC3B3-E2F8-4C50-AA5E-4A21334F8197}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{50454226-AD18-48C6-B4B2-A84422833412}F:\web editor 8\webeditor 8\bin\webeditor.exe" = protocol=17 | dir=in | app=f:\web editor 8\webeditor 8\bin\webeditor.exe |
"UDP Query User{6EED41AF-8719-4FFD-9935-31B19597E869}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{722C15FB-4E66-4BDA-9EF7-5763F9976318}I:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=i:\anno 1701\anno1701.exe |
"UDP Query User{7EE3B264-CD0E-44F1-BCAD-001FCA959D9B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{81AACCB3-1448-477E-9FFF-ABF3527BD837}I:\herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=i:\herr der ringe online\lotroclient.exe |
"UDP Query User{84EC56C2-9234-4309-AD42-992CF6584FB7}F:\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\winamp\winamp.exe |
"UDP Query User{9D7A590F-ADCB-40C2-87A6-2DD50A7713EF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B360B32B-36B1-4495-864F-A7593A54F1C4}F:\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\winamp\winamp.exe |
"UDP Query User{C454CA49-629D-46AB-A5AB-8AE765FA58FF}I:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=i:\anno 1701\anno1701.exe |
"UDP Query User{DF260977-3463-494A-AB2C-1D90B0D00EB4}I:\fussball manager 10\eadm\core.exe" = protocol=17 | dir=in | app=i:\fussball manager 10\eadm\core.exe |
"UDP Query User{EF491720-1052-4429-9F9C-99379F009FF5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP5c
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}" = The Movies(TM) 1.1 Patch
"{2D428867-5883-449B-86F3-7B7187061031}" = Nero 7 Essentials
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{339E300B-AD83-4013-BABF-E5C0DDAAFE7C}" = Spellforce 2 - Dragon Storm
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{818690C7-8DA5-4623-BBA8-A73CFBD44077}" = Sound Blaster X-Fi MB
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{97BD5533-8B5B-42FA-ADAE-A6F8DB997D7C}" = Ad-Aware
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A311F7E9-436E-4924-8DB5-6004325F5A43}" = MainConceptDemoCodecs
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.01
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{D3507473-2CE3-4073-A6BA-A0846B5CC687}" = Namo WebEditor 8
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.03.05.8039
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Ant Renamer 2_is1" = Ant Renamer
"Audacity_is1" = Audacity 1.2.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"baywotch4_is1" = BayWotch v4.2.4
"Canon MX870 series Benutzerregistrierung" = Canon MX870 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Drakensang Online" = Drakensang Online
"Drakensang_is1" = Drakensang
"EADM" = EA Download Manager
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"etope Lister_is1" = 1.36
"FileZilla Client" = FileZilla Client 3.3.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 Premium D" = MAGIX Music Maker 15 Premium 15.0.1.8 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Musik & Audio Restaurator Pro 5_is1" = Musik & Audio Restaurator Pro 5.0
"MySSID_is1" = Vtune 7.10
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speed Dial Utility" = Canon Kurzwahlprogramm
"SpellForce 2 Update v1.02" = SpellForce 2 Update v1.02
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1234284039-539375577-3249342001-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"Opera 11.10.2092" = Opera 11.10

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.12.2012 22:36:54 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot -
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
- search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 13.12.2012 22:42:19 | Computer Name = Hoschimedes | Source = System Restore | ID = 8193
Description =

Error - 13.12.2012 22:47:47 | Computer Name = Hoschimedes | Source = System Restore | ID = 8193
Description =

Error - 17.12.2012 04:30:04 | Computer Name = Hoschimedes | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 9.5.2.295 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ec8 Startzeit:
01cddc2f2fc549fd Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

Berichts-ID:


Error - 18.12.2012 03:51:27 | Computer Name = Hoschimedes | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgidsagent.exe, Version: 13.0.0.2792,
Zeitstempel: 0x50993b63 Name des fehlerhaften Moduls: avgidsagent.exe, Version:
13.0.0.2792, Zeitstempel: 0x50993b63 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027610b
ID
des fehlerhaften Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0x01cdd9a1349e109b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe Berichtskennung:
b9a00eb7-48e7-11e2-9d66-bc0543072299

Error - 18.12.2012 07:47:03 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 18.12.2012 07:47:15 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\Creative\audio device selection unicode\CTAudSeu.exe". Fehler in Manifest-
oder Richtliniendatei "c:\program files (x86)\Creative\audio device selection unicode\CTAudSeu.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 18.12.2012 07:47:23 | Computer Name = Hoschimedes | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot -
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
- search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 18.12.2012 07:51:54 | Computer Name = Hoschimedes | Source = System Restore | ID = 8193
Description =

Error - 19.12.2012 08:08:29 | Computer Name = Hoschimedes | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0x01cddde0e1fbe547 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: cc93aa90-49d4-11e2-85dd-485b395d16ab

[ Spybot - Search and Destroy Events ]
Error - 19.12.2012 09:22:22 | Computer Name = Hoschimedes | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 18.12.2012 23:26:34 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 18.12.2012 23:26:35 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:26:37 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:27:35 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:28:56 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 18.12.2012 23:28:56 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:28:58 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 18.12.2012 23:35:30 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 19.12.2012 08:03:10 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 19.12.2012 08:03:10 | Computer Name = Hoschimedes | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5


< End of report >

 
