| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mystart by incredimail ist zu entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.01.2013, 17:29
| #1 |
| |  mystart by incredimail ist zu entfernen Hallo, heute habe ich etwas herunterladen und dabei auch mystart by incredimail. Ich benutze Google Chrome und dieser ist nun verseucht, weil babylonsearch nun das Startfenster ist und sich bei jedem neuen Tab gleich mystart öffnet. Mit CCleaner und unter Systemsteuerung/Programme habe ich incredimail teils entfernen können. Main AVG zeigt keine Bedrohungen an, jedoch tat dies SpyHunter (91Bedrohungen), welches ich gleich danach deinstallierte, weil es nur kostenpflichtig behebt. Ich habe mir Defogger (http://www.trojaner-board.de/69886-a...-beachten.html) heruntergeladen, musste neu starten, doch er gibt keine Fehlermeldung bekannt. Im Gegensatz dazu habe ich nun zwei Berichte von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 2013.01.23. 17:12:22 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erika\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,21% Memory free 8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,75 Gb Total Space | 258,04 Gb Free Space | 55,40% Space Free | Partition Type: NTFS Computer Name: ERIKA-PC | User Name: Erika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Erika\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=117025&tt=230113_srchb_0413_3&babsrc=SP_ss&mntrId=18656a9b00000000000000241d747079 IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{823790B7-E6FD-41F1-AC0B-04CFB021A66E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWFfyEun&i=26 IE - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=117025&tt=230113_srchb_0413_3&babsrc=HP_ss&mntrId=18656a9b00000000000000241d747079" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.24 12:40:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.18 09:37:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 10:02:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.24 19:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erika\AppData\Roaming\mozilla\Extensions [2013.01.23 12:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erika\AppData\Roaming\mozilla\Firefox\Profiles\ounb98zv.default\extensions [2013.01.23 11:05:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Erika\AppData\Roaming\mozilla\Firefox\Profiles\ounb98zv.default\extensions\ffxtlbr@incredibar.com [2013.01.23 12:19:27 | 000,002,445 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\mozilla\firefox\profiles\ounb98zv.default\searchplugins\babylon1.xml [2013.01.23 11:04:52 | 000,002,203 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\mozilla\firefox\profiles\ounb98zv.default\searchplugins\MyStart Search.xml [2012.09.15 10:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.23 12:19:18 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 04:51:45 | 000,000,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-hu.xml [2012.09.06 04:51:45 | 000,001,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sztaki-en-hu.xml [2012.09.06 04:51:45 | 000,000,974 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vatera.xml [2012.09.06 04:51:45 | 000,001,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-hu.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=117025&tt=230113_srchb_0413_3&babsrc=SP_ss&mntrId=18656a9b00000000000000241d747079 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\ CHR - Extension: Google Drive = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Bustatech theme = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnohflgafpephcmdnnghnhappjbdfbko\1.0_0\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.08.24 17:37:34 | 000,000,894 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 10.6.2) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.6.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4272AE7-5B61-4A65-8047-6817F60C2973}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.23 15:45:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 16:38:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Erika\Desktop\OTL.exe [2013.01.23 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.01.23 15:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.23 15:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.01.23 12:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.01.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\Erika\AppData\Roaming\Babylon [2013.01.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.23 11:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.23 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.23 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\Erika\AppData\Local\7-Zip Uninstaller [2013.01.23 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion [2013.01.13 16:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.01.13 16:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.01.09 11:48:51 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 11:48:51 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 11:48:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 11:48:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 11:48:37 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 11:48:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 11:48:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 11:48:37 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 11:48:37 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 11:48:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 11:48:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 11:48:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 11:48:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 11:48:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 11:48:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 11:48:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 11:48:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 11:48:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 11:48:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 11:48:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 11:48:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 11:48:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 11:48:36 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 11:48:36 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 11:48:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 11:48:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 11:48:36 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 11:48:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 11:48:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 11:48:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 11:48:36 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 11:48:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 11:48:36 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 11:48:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 11:48:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 11:48:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 11:48:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 11:48:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 11:48:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 11:48:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 11:48:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 11:48:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 11:48:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 11:48:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 11:48:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 11:48:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 11:48:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 11:48:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 11:48:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 11:48:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 11:48:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 11:48:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 11:48:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 11:48:13 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.23 16:55:37 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 16:55:37 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 16:48:09 | 000,002,283 | ---- | M] () -- C:\Users\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.01.23 16:48:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 16:47:56 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2013.01.23 16:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.23 16:47:49 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 16:46:07 | 000,000,020 | ---- | M] () -- C:\Users\Erika\defogger_reenable [2013.01.23 16:45:43 | 000,050,477 | ---- | M] () -- C:\Users\Erika\Desktop\Defogger.exe [2013.01.23 16:38:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erika\Desktop\OTL.exe [2013.01.23 16:36:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 15:45:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.01.23 15:19:03 | 107,257,550 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.01.23 11:32:12 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.23 11:05:25 | 000,000,455 | ---- | M] () -- C:\user.js [2013.01.22 22:22:25 | 000,491,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.01.21 18:31:53 | 000,098,779 | ---- | M] () -- C:\Users\Erika\Desktop\pg219.epub [2013.01.20 23:35:23 | 001,621,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.20 23:35:23 | 000,681,244 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2013.01.20 23:35:23 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.20 23:35:23 | 000,169,810 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2013.01.20 23:35:23 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.17 23:43:39 | 000,134,841 | ---- | M] () -- C:\Users\Erika\Desktop\Shakespeare-Celan.pdf [2013.01.13 16:27:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.11 15:30:02 | 000,354,144 | ---- | M] () -- C:\Users\Erika\Desktop\EinfuehrungindieLogik.pdf [2013.01.10 18:39:42 | 000,388,976 | ---- | M] () -- C:\Users\Erika\Desktop\18.pdf [2013.01.10 18:39:32 | 000,386,173 | ---- | M] () -- C:\Users\Erika\Desktop\17.pdf [2013.01.10 18:39:21 | 000,351,514 | ---- | M] () -- C:\Users\Erika\Desktop\16.pdf [2013.01.10 18:39:11 | 000,525,595 | ---- | M] () -- C:\Users\Erika\Desktop\15.pdf [2013.01.10 18:38:18 | 000,458,921 | ---- | M] () -- C:\Users\Erika\Desktop\14.pdf [2013.01.10 18:38:07 | 000,348,635 | ---- | M] () -- C:\Users\Erika\Desktop\13.pdf [2013.01.10 18:37:52 | 000,372,576 | ---- | M] () -- C:\Users\Erika\Desktop\12.pdf [2013.01.10 18:37:44 | 000,448,052 | ---- | M] () -- C:\Users\Erika\Desktop\11.pdf [2013.01.10 18:37:32 | 000,481,503 | ---- | M] () -- C:\Users\Erika\Desktop\10.pdf [2013.01.10 18:34:12 | 000,408,553 | ---- | M] () -- C:\Users\Erika\Desktop\9.pdf [2013.01.10 18:33:49 | 000,448,677 | ---- | M] () -- C:\Users\Erika\Desktop\8.pdf [2013.01.10 18:33:40 | 000,492,420 | ---- | M] () -- C:\Users\Erika\Desktop\7.pdf [2013.01.10 18:33:29 | 000,394,263 | ---- | M] () -- C:\Users\Erika\Desktop\6.pdf [2013.01.10 18:33:11 | 000,499,920 | ---- | M] () -- C:\Users\Erika\Desktop\5.pdf [2013.01.10 18:32:58 | 001,636,238 | ---- | M] () -- C:\Users\Erika\Desktop\4.pdf [2013.01.10 18:32:20 | 000,295,106 | ---- | M] () -- C:\Users\Erika\Desktop\3.pdf [2013.01.10 18:32:01 | 000,218,416 | ---- | M] () -- C:\Users\Erika\Desktop\2.pdf [2013.01.10 18:29:43 | 000,405,947 | ---- | M] () -- C:\Users\Erika\Desktop\1.pdf [2013.01.10 03:30:10 | 005,032,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 03:12:00 | 001,595,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.23 16:46:07 | 000,000,020 | ---- | C] () -- C:\Users\Erika\defogger_reenable [2013.01.23 16:45:34 | 000,050,477 | ---- | C] () -- C:\Users\Erika\Desktop\Defogger.exe [2013.01.23 15:45:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.01.23 11:32:12 | 000,002,283 | ---- | C] () -- C:\Users\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.01.23 11:32:12 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.23 11:31:39 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 11:31:38 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 11:05:24 | 000,000,455 | ---- | C] () -- C:\user.js [2013.01.21 18:31:53 | 000,098,779 | ---- | C] () -- C:\Users\Erika\Desktop\pg219.epub [2013.01.17 23:43:39 | 000,134,841 | ---- | C] () -- C:\Users\Erika\Desktop\Shakespeare-Celan.pdf [2013.01.13 16:27:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.11 15:30:02 | 000,354,144 | ---- | C] () -- C:\Users\Erika\Desktop\EinfuehrungindieLogik.pdf [2013.01.10 18:39:41 | 000,388,976 | ---- | C] () -- C:\Users\Erika\Desktop\18.pdf [2013.01.10 18:39:32 | 000,386,173 | ---- | C] () -- C:\Users\Erika\Desktop\17.pdf [2013.01.10 18:39:21 | 000,351,514 | ---- | C] () -- C:\Users\Erika\Desktop\16.pdf [2013.01.10 18:39:11 | 000,525,595 | ---- | C] () -- C:\Users\Erika\Desktop\15.pdf [2013.01.10 18:38:18 | 000,458,921 | ---- | C] () -- C:\Users\Erika\Desktop\14.pdf [2013.01.10 18:38:06 | 000,348,635 | ---- | C] () -- C:\Users\Erika\Desktop\13.pdf [2013.01.10 18:37:52 | 000,372,576 | ---- | C] () -- C:\Users\Erika\Desktop\12.pdf [2013.01.10 18:37:44 | 000,448,052 | ---- | C] () -- C:\Users\Erika\Desktop\11.pdf [2013.01.10 18:37:32 | 000,481,503 | ---- | C] () -- C:\Users\Erika\Desktop\10.pdf [2013.01.10 18:34:12 | 000,408,553 | ---- | C] () -- C:\Users\Erika\Desktop\9.pdf [2013.01.10 18:33:49 | 000,448,677 | ---- | C] () -- C:\Users\Erika\Desktop\8.pdf [2013.01.10 18:33:40 | 000,492,420 | ---- | C] () -- C:\Users\Erika\Desktop\7.pdf [2013.01.10 18:33:29 | 000,394,263 | ---- | C] () -- C:\Users\Erika\Desktop\6.pdf [2013.01.10 18:33:11 | 000,499,920 | ---- | C] () -- C:\Users\Erika\Desktop\5.pdf [2013.01.10 18:32:58 | 001,636,238 | ---- | C] () -- C:\Users\Erika\Desktop\4.pdf [2013.01.10 18:32:20 | 000,295,106 | ---- | C] () -- C:\Users\Erika\Desktop\3.pdf [2013.01.10 18:32:00 | 000,218,416 | ---- | C] () -- C:\Users\Erika\Desktop\2.pdf [2013.01.10 18:29:42 | 000,405,947 | ---- | C] () -- C:\Users\Erika\Desktop\1.pdf [2012.08.24 12:58:07 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.08.24 12:58:07 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.08.24 12:58:07 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.08.24 12:58:07 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.08.24 12:58:07 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.08.24 12:58:07 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.08.24 12:58:07 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.08.24 12:58:07 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.08.24 12:58:07 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.08.24 12:58:07 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.08.24 12:58:07 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.08.24 12:58:07 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.08.24 12:58:07 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.08.24 12:58:07 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.08.24 12:58:07 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.08.24 12:58:07 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.08.24 12:58:07 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.08.24 12:58:07 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.08.24 12:58:07 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.08.24 12:54:47 | 001,595,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.23 22:18:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.24 01:07:44 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\AVG2012 [2013.01.23 12:18:59 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Babylon [2012.12.06 01:21:42 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\BitComet [2013.01.13 16:31:20 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\DAEMON Tools Lite [2012.12.30 02:16:23 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Might & Magic Heroes VI [2012.09.15 12:52:16 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Origin [2012.10.08 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 2095 bytes -> C:\Users\Erika\Documents\Afrika.eml:OECustomProperty @Alternate Data Stream - 1491 bytes -> C:\Users\Erika\Documents\evfolyamtalalkozo.eml:OECustomProperty @Alternate Data Stream - 1363 bytes -> C:\Users\Erika\Documents\Cicus.eml:OECustomProperty @Alternate Data Stream - 1171 bytes -> C:\Users\Erika\Documents\Willkommen bei Amango.eml:OECustomProperty < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 2013.01.23. 17:12:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erika\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.
4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,21% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 258,04 Gb Free Space | 55,40% Space Free | Partition Type: NTFS
Computer Name: ERIKA-PC | User Name: Erika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04604B9D-FC96-497E-BD20-6A439C6CFFCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0A114972-EF80-4FC5-8637-8B8BFEF4BD07}" = rport=445 | protocol=6 | dir=out | app=system |
"{0AC70634-9348-415C-A0A5-E326754299BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{154D6732-56E6-4206-AAEB-29E0B955C1FC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1913832C-3EA3-4089-BCB5-CA104F257491}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ED97DD9-4667-4271-B385-F157D4C38046}" = lport=17539 | protocol=6 | dir=in | name=bitcomet 17539 tcp |
"{265A5FF9-3E2F-40D4-A5FF-FED2275F29F0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D70AF6A-ADFC-4F7F-B3B6-28834F05BD9A}" = lport=445 | protocol=6 | dir=in | app=system |
"{31B8974A-385E-46AF-BF12-93A57DFCB55E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34862CA3-B129-4352-A94A-66495C2A7169}" = lport=17539 | protocol=6 | dir=in | name=bitcomet 17539 tcp |
"{34D7DAED-BC4D-4E71-AA7F-9836F4200A92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B2A041E-4759-45DB-917E-F7E0B8DB4017}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FD7AC68-B3B8-4092-B872-31CE4D75B39D}" = lport=17539 | protocol=17 | dir=in | name=bitcomet 17539 udp |
"{412428A7-91D9-4E99-B2FC-0FA93BE3B54B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{544D477A-9D86-4C7D-9599-58CB870F75B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{5800E23A-E54F-4476-A2A1-A26F2681CAB0}" = rport=139 | protocol=6 | dir=out | app=system |
"{7310F6CC-6D26-4E08-9952-6A1CC64E7102}" = lport=17539 | protocol=17 | dir=in | name=bitcomet 17539 udp |
"{804E1268-AC91-4607-BD6D-A9A23070AB18}" = lport=138 | protocol=17 | dir=in | app=system |
"{854009B8-673A-4307-B192-FD9258FA9969}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9498204E-9A65-452A-A077-A70ED1F87761}" = rport=10243 | protocol=6 | dir=out | app=system |
"{96848148-6837-4813-9F18-3F6004582CE3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A21E6E9B-9145-4BC9-8D20-565AFE625CED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A7D8673A-FF59-4E41-9BA6-DC67A2D304D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3BE2141-F65E-4863-87C1-2EC4F0B8C24A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B776F48F-BD8F-4ADC-8197-57D998D39119}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C297260A-1028-454F-918F-47664968627B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4FE6824-37A2-4E2C-977D-11F5A0B5496B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FB636729-DCE9-4001-B86A-76DB003DC9A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{FCF53D6A-DD48-430D-BA4C-36F807DEA34D}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED707D9-E738-4F43-8A8F-9666BAD2198B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{18EAB1AE-C5A0-41CD-B3CC-B81747DF4FA9}" = protocol=6 | dir=out | app=system |
"{1CE0D2F0-DE3D-404B-AAC5-D1BBBF347DD5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1EA9CC53-5A5A-4C5E-AE48-D87F9686A124}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EF6E179-96C9-4C17-AACF-291CE1EDFEC9}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{249F293B-3FBA-41CA-A005-A808FF6E7707}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{266994DC-8C9A-4CF4-A439-85D212DC3842}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{298B8682-E692-4A07-878A-3EEF6B197484}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{2ED14AF8-5EEC-4DED-A463-53E77F719EDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30E1A68F-3095-4C00-BB6A-021E428BB3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{318EB10F-1535-4056-8A8C-5CFF94D31FEE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{3E764726-0279-475E-9FC2-A5A69AE15A61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{410266EA-D8F0-4354-935D-3BBBE0358BBE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{443250E0-0258-480F-AE76-225089E3BB57}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{458E17D5-9055-4DE2-8F69-095E669068D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{471A6990-4DD6-4278-A61C-4C8F977372D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{481C4844-86EE-44E6-A076-C493A897561C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{487269C0-0746-476D-A676-6D0FD8504100}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{588D3C86-E3C0-469A-AC3D-2E422B4382C7}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{5E6BECD2-F00A-477C-925F-65235C7D31DB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6430876D-97E8-44DA-89DB-8975EAE09272}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{658A882B-4F9A-49F4-B020-B3A1F60C5881}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F69B48D-65BF-41F3-B912-59ABE3CCE5D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{790CAF31-B15B-4C7F-B5DF-978FBD08FE8B}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{7ACFD3AB-4F7C-4A8B-8B80-F873E41EEE99}" = dir=in | app=c:\users\erika\appdata\local\microsoft\skydrive\skydrive.exe |
"{83A8FBC4-9743-49F4-99A3-D5986519F17C}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{8A8647E2-C92F-4AA4-8E47-9A71081EB066}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9481426D-F99F-4FF5-B5EB-C9F93CC1ED31}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{97B357ED-8551-47AB-B4FB-0B5775BB4EF2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9A4AF6D6-B5A6-43B8-96AE-5304D8997699}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A6B7015-3908-4284-87E8-C9AA526925D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9EAA96D5-8B84-4024-9CB3-AAD029027630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B76A688E-5E20-46C1-B70F-E02789A0A267}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7E64618-B9F2-4C57-8057-E88DCA4C5CA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C6213C84-F0C9-4A39-A7B3-0AA3F9D2365C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C89AAD0F-C670-47DA-AA27-EE04BB356EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CC4893B3-FA33-4961-ACFD-9ACB5F73C6C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CE7A95B7-8FE3-45B8-87FD-B28EF91D2187}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D2091D38-9BFF-4FC0-BA51-B2634A7B5870}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D403C4B2-770B-44CF-B7CD-B6E5DA6C0FD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D522162F-500C-417F-A878-FFE89EDB76F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D82770CD-CCE7-4CF0-ABC3-37A56F4B01D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D957B95A-5F14-41F6-9F4A-D4FD4159F12F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC0C4349-0B71-493C-9AF8-3CA1A2AA9E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3E14C50-354E-4896-A9B0-E201BE16C305}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E9FCDD27-7B19-4485-B42D-2AB2FC29FAD7}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{EDE27AF9-C0EF-42DB-B55C-3CB98B11CC35}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6EEACDD-3CD0-4E25-B9B3-FD720F7EF322}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{FFBD9905-2A34-46FB-AF14-B7D73B50B101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15667DA1-6D17-DD0F-66D7-4221FD246DA8}" = AMD Catalyst Install Manager
"{1B7C624C-4EEE-4A1A-7CE9-CBE76DD23FF2}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416034FF}" = Java(TM) 6 Update 34 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
"{2D445001-F852-CFF5-8056-F629A0AA2C55}" = AMD Drag and Drop Transcoding
"{2E22DBC9-030D-87B3-5E9C-51792D09A3BE}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63140E2E-FC1B-3F88-8A7C-AC04DB549823}" = Microsoft .NET Framework 4 Client Profile HUN Language Pack
"{64A3A4F4-B792-11D6-A78A-00B0D0160340}" = Java(TM) SE Development Kit 6 Update 34 (64-bit)
"{6A1D3B4D-A746-26DD-DB3C-FA9B6CED6FDB}" = AMD Media Foundation Decoders
"{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040E-1000-0000000FF1CE}" = Microsoft Office Access MUI (Hungarian) 2010
"{90140000-0015-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040E-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Hungarian) 2010
"{90140000-0016-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040E-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hungarian) 2010
"{90140000-0018-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040E-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hungarian) 2010
"{90140000-0019-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040E-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hungarian) 2010
"{90140000-001A-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040E-1000-0000000FF1CE}" = Microsoft Office Word MUI (Hungarian) 2010
"{90140000-001B-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-040E-1000-0000000FF1CE}_Office14.PROPLUS_{70A6C738-452C-4999-9780-B2C23339711D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040E-1000-0000000FF1CE}" = Microsoft Office Proofing (Hungarian) 2010
"{90140000-002C-040E-1000-0000000FF1CE}_Office14.PROPLUS_{4DCDAFA4-2F6C-4B5C-A2B6-4425AF5F4E48}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-040E-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Hungarian) 2010
"{90140000-0043-040E-1000-0000000FF1CE}_Office14.PROPLUS_{BB070C2A-C13E-4517-8E0C-AD50FF144BC7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040E-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hungarian) 2010
"{90140000-0044-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040E-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Hungarian) 2010
"{90140000-006E-040E-1000-0000000FF1CE}_Office14.PROPLUS_{A65ED467-800E-403A-AC2F-981B66A4B869}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040E-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hungarian) 2010
"{90140000-00A1-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040E-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Hungarian) 2010
"{90140000-00BA-040E-1000-0000000FF1CE}_Office14.PROPLUS_{6DBDB3B3-99C9-468D-A3EF-051075A73739}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A89B52D3-DA3F-1CA3-BD33-D53871D60081}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{FBADEF1E-AFE3-309D-9B42-C030684502C7}" = Microsoft .NET Framework 4 Extended HUN Language Pack
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HUN Language Pack" = A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HUN Language Pack" = A kiterjesztett Microsoft .NET-keretrendszer 4 HUN nyelvi csomagja
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054C5EBD-1803-9B06-A201-63A1A8A5C365}" = CCC Help Danish
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Királyi lakosztály Cuccok
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0FB8CBBF-CFBA-B7C5-6433-4F5132783C31}" = CCC Help Portuguese
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Szabadtéri kalandok Cuccok
"{143412FA-840C-6158-599F-2B32D0861F80}" = Catalyst Control Center Graphics Previews Common
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Cuccok
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EA5B84-7055-65D9-7378-59750A15C6B5}" = CCC Help Russian
"{2680C5AE-EDC8-7A73-3D41-FCE9A2F22390}" = CCC Help German
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{32E879B3-F89C-5385-78C8-4DE7730C5FA0}" = AMD VISION Engine Control Center
"{33D64034-5BC0-FF4F-6176-62ED61555CA8}" = CCC Help Thai
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Vár a színpad
"{3CFAAB58-35C8-84C9-1391-8D4373714AFE}" = CCC Help Spanish
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Leszáll az éj
"{453FDDF1-BA65-8D13-2E6F-1740190BB5C4}" = CCC Help Greek
"{4728A95D-FD9B-CEE9-9609-BB01B5F82A0B}" = CCC Help Turkish
"{4AFC194C-FEAD-B844-92C2-D0273872ECCF}" = CCC Help Dutch
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5308F6BF-4660-926A-B611-0CBB32F44DD0}" = CCC Help Swedish
"{5D382E05-9CFA-45A5-962B-8F578E7D3A23}" = Photo Common
"{63535877-2396-4437-9BF5-C9BE41EE7677}" = Windows Live Essentials
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69425AB7-75BF-25FC-EB4F-D2EAE9D82AA5}" = CCC Help Hungarian
"{6B00CD97-EADD-3AFC-A844-89EB4DA73461}" = Catalyst Control Center InstallProxy
"{6F0C74FE-78BB-417E-969E-BB756F21ADEA}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Luxuslakás Cuccok
"{723E4732-695B-4628-B5EC-A98EA34AA0F0}" = Movie Maker
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{749D0B62-5610-4ADE-82E6-399E6B4DAD80}" = Windows Live Writer Resources
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{79839E2D-82B1-6DF1-97A6-6737E4404407}" = CCC Help Japanese
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Városszépítő Cuccok
"{7C2D9B2C-D78C-EC0A-2337-612FD4799750}" = CCC Help Czech
"{7D9C2CBE-5941-0250-2922-804D0A506ED0}" = CCC Help Polish
"{7E664C9F-0341-11F9-39F7-E2493FACF037}" = Adobe® Content Viewer
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9057D097-0563-6FFB-CDC6-DB2B2C5D1014}" = CCC Help Italian
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Álomállások
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98994720-A230-4F45-875C-AD56E28448F1}" = Windows Live Mail
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry Édes apróságok
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA387C7F-7413-9C5A-DB71-70E406A8A92E}" = CCC Help French
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B00F5097-1F34-D3EA-4FB9-8DD2FAFF66F4}" = CCC Help Finnish
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Természetfeletti erők
"{B42129AB-E528-9CB4-7C8B-3BFE648F5CD8}" = CCC Help Norwegian
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 A világ körül
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Házi kedvenc
"{C1A27149-1897-8509-CBFC-2C96866C8AD6}" = CCC Help Korean
"{C2CDACDF-EC5C-4F9F-B2D7-D6486CFAAD58}" = Fotótár
"{C37B38A0-527E-4579-A24B-0F5B42215193}" = Windows Live Family Safety
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D775D71D-C54B-41AE-97C2-EDEEBCA4FFCF}" = Windows Live Messenger
"{DE54DD68-6E24-9B72-467A-DFEE00E6E9A8}" = CCC Help Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Nemzedékek
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{E9FDD18A-206A-9A43-AAE3-AB72EFFCD333}" = CCC Help Chinese Standard
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Padlógáz Cuccok
"{ED524538-828E-1AD8-D0E1-E2E72C926EE0}" = CCC Help English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCFE800F-8F42-1AC9-895C-10389CB90D86}" = Catalyst Control Center Localization All
"{FDF614F8-710F-4C28-A90F-07A9BC82774D}" = Windows Live UX Platform Language Pack
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Astroburn Lite" = Astroburn Lite
"BitComet_x64" = BitComet 1.33 64-bit
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"Kobo" = Kobo
"Mozilla Firefox 15.0.1 (x86 hu)" = Mozilla Firefox 15.0.1 (x86 hu)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"RADVideo" = RAD Video Tools
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1769829092-3719786494-2690435196-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2013.01.23. 11:48:25 | Computer Name = Erika-PC | Source = ESENT | ID = 455
Description = Windows (3400) Windows: Hiba (-1811) történt a következő naplófájl
megnyitásakor: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0009A.log.
Error - 2013.01.23. 11:48:39 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 9000
Description =
Error - 2013.01.23. 11:48:42 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 2013.01.23. 11:48:44 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 2013.01.23. 11:48:46 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 2013.01.23. 11:48:48 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 2013.01.23. 11:48:50 | Computer Name = Erika-PC | Source = Windows Search Service | ID = 7010
Description =
[ System Events ]
Error - 2012.12.29. 15:38:19 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (vToolbarUpdater13.2.0) a következő hiba következtében
leállt: %%1053
Error - 2013.01.06. 15:10:15 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7009
Description = Letelt egy időkorlát (30000 ms) a(z) vToolbarUpdater13.2.0 szolgáltatás
kapcsolódására való várakozás közben.
Error - 2013.01.06. 15:10:15 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (vToolbarUpdater13.2.0) a következő hiba következtében
leállt: %%1053
Error - 2013.01.09. 14:36:43 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7011
Description = Letelt egy időkorlát (30000 ms) a(z) lmhosts szolgáltatásnak a tranzakcióra
adott válaszára való várakozás közben.
Error - 2013.01.15. 2:53:31 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7024
Description = A szolgáltatás (Windows Search) leállt a következő szolgáltatásspecifikus
hibával: %%-1073473535
Error - 2013.01.15. 2:53:31 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7031
Description = A(z) Windows Search szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal
fordult elő. 30000 milliszekundumon belül a következő ellenintézkedés történik:
A szolgáltatás újraindítása.
Error - 2013.01.15. 2:54:20 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7032
Description = A szolgáltatásvezérlő kezelője megpróbált ellenintézkedést tenni (A
szolgáltatás újraindítása) a(z) Windows Search szolgáltatás váratlan leállása után,
de a művelet a következő hiba miatt sikertelen volt: %%1056
Error - 2013.01.22. 16:14:02 | Computer Name = Erika-PC | Source = DCOM | ID = 10010
Description =
Error - 2013.01.23. 11:48:51 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7024
Description = A szolgáltatás (Windows Search) leállt a következő szolgáltatásspecifikus
hibával: %%-1073473535
Error - 2013.01.23. 11:48:51 | Computer Name = Erika-PC | Source = Service Control Manager | ID = 7031
Description = A(z) Windows Search szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal
fordult elő. 30000 milliszekundumon belül a következő ellenintézkedés történik:
A szolgáltatás újraindítása.
< End of report >
Soll ich GMER herunterladen? Vielen Dank im Voraus! Zsófia |
| Themen zu mystart by incredimail ist zu entfernen |
| .com, 7-zip, adobe, avg, avg secure search, bho, chrome, defender, enigma, entfernen, excel, explorer, fehlermeldung, firefox, flash player, format, google, helper, incredimail, install.exe, installation, logfile, msvcrt, mystart, plug-in, realtek, registry, rundll, scan, search the web, secure search, software, starten, svchost.exe, udp, virus, visual studio, vtoolbarupdater, windows |
Baum-Darstellung