| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AdWare.Win32.Bromngr.hWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.02.2013, 16:01
| #1 |
| |  AdWare.Win32.Bromngr.h Hallo zusammen, ich habe seit gestern Abend folgendes Problem: Ich erhalte- unabhängig davon was ich am PC mache(Firefox öffen, Mozilla Thunderbird öffnen) eine Warnung meines Virenprogramm Kaspersky mit folgendem Text: Gefunden: not-a-virus:AdWare.Win32.Bromngr.h. Ich kann und konnte mit dieser Meldung nichts anfangen und habe nach dieser Datei gesucht. Diese Datei befindet sich in:C\dukumente und einstellungen\all users\broserprotect.dll. Nachdem ich diesen Ordner(broserprotect) öffnete fand ich folgende Dateien:{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}Hauptordner. Darin enthalten: FirefoxExtension traking_settings bl BroserProtect.dll BroserProtect.settings Meine erste Handlung war, das ich ein Maleware Programm im abgesichertern Modus durchlaufen ließ, doch ohne Ergebniss. Desweiteren fand sich folgende Datei in diesem Ornder: Backdoor.Win32.Rbot.kur. Diese Datei wurde allerdings von Kaspersky nach dem Neustart verarbeitet. Ich bin mir aber sehr unsicher das diese Datei tatsächlich weg ist. Die Meldung not-a-virus:adWare.Win32.Bromngr.h hatte ich bißher 115 mal. Ich denke das sich dieer Virus oder was immer das ist überall eingenistet hat. Ich bin echt ratlos was ich machen soll. Ich will dieses Datei auch nicht versuchen zu löschen(Was mir Kaspersky anbietet) Da ich mal gehört habe das sich solche Dateien nach dem löschen einfach nur verschoben sind. Ich hoffe sehr das ihr mir helfen könnt. Es folgen nun die OTL.txt und die Extra.txt Dateien. Doch zuvor meine PC Daten: Windos 7 64 Bit Premium Edition i7-2600 CPU@ 3,40 GHZ Grafik Nvidia GT 530 Arbeitsspeicher 6,00 GB OTL: OTL logfile created on: 2/9/2013 2:47:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NordAlex\Documents\Flight Simulator X-Dateien 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.98 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.51% Memory free 11.96 Gb Paging File | 9.66 Gb Available in Paging File | 80.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 372.60 Gb Total Space | 235.70 Gb Free Space | 63.26% Space Free | Partition Type: NTFS Drive D: | 544.72 Gb Total Space | 165.50 Gb Free Space | 30.38% Space Free | Partition Type: NTFS Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/09 14:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NordAlex\Documents\Flight Simulator X-Dateien\OTL.exe PRC - [2013/02/09 14:31:43 | 000,050,477 | ---- | M] () -- C:\Users\NordAlex\Desktop\Defogger.exe PRC - [2013/02/08 16:00:19 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe PRC - [2013/02/06 10:26:41 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Users\Alexander\AppData\Local\Mozilla Firefox\firefox.exe PRC - [2013/01/20 02:30:50 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\NordAlex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/12/29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/08/23 14:40:04 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/05/29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012/03/24 12:55:31 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/01/08 02:52:19 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011/12/23 05:45:43 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/01 22:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 22:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/12/02 03:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010/11/27 06:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010/11/03 10:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010/10/21 10:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2009/12/23 22:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe PRC - [2009/12/23 22:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe ========== Modules (No Company Name) ========== MOD - [2013/02/09 14:31:43 | 000,050,477 | ---- | M] () -- C:\Users\NordAlex\Desktop\Defogger.exe MOD - [2013/02/08 16:00:19 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2013/02/06 10:26:41 | 003,023,256 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Mozilla Firefox\mozjs.dll MOD - [2012/03/24 12:55:31 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/03/24 12:55:31 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/03/24 12:55:31 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2012/03/24 12:55:31 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/03/24 12:55:31 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011/12/23 05:45:43 | 002,123,928 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2011/12/23 05:45:43 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2011/12/23 05:45:43 | 000,021,144 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2012/08/23 14:40:04 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/02/08 16:00:19 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/11/25 05:13:12 | 000,821,720 | ---- | M] (Mister Group) [On_Demand | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService) SRV - [2012/11/12 19:48:35 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012/10/31 18:33:19 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012/10/26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService) SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/09/06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/25 17:50:42 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/03/24 12:55:31 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/02/01 22:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 22:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/12/02 03:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010/11/03 10:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/10/21 10:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/23 22:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/31 18:33:38 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/07/03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/24 17:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011/01/30 22:58:40 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010/02/04 06:17:54 | 000,122,624 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smtmoser.sys -- (smtmoser) DRV:64bit: - [2010/01/14 13:27:46 | 000,032,544 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2010/01/14 13:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2010/01/14 13:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2010/01/14 13:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) DRV:64bit: - [2010/01/13 08:04:54 | 000,114,432 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smtmodev.sys -- (smtmodev) DRV:64bit: - [2009/12/23 17:00:39 | 000,031,744 | R--- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smtmoadb.sys -- (androidusb) DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\32748552.sys -- (32748552) DRV:64bit: - [2009/10/22 11:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\98894662.sys -- (98894662) DRV:64bit: - [2009/10/22 11:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\93299982.sys -- (93299982) DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\3274855.sys -- (setup_9.0.0.722_02.01.2012_06-22drv) DRV:64bit: - [2009/10/09 21:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\9329998.sys -- (de_cleaner_kasperskydrv) DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\32748551.sys -- (32748551) DRV:64bit: - [2009/09/25 15:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\98894661.sys -- (98894661) DRV:64bit: - [2009/09/25 15:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\93299981.sys -- (93299981) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006/11/29 23:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/01/04 22:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c503a1e3-9d5c-4e44-b2ff-a52edf19716e&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110227&tt=0413_1&babsrc=HP_ss&mntrId=fc9ca2d4000000000000f46d04e0dcd3 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c503a1e3-9d5c-4e44-b2ff-a52edf19716e&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c503a1e3-9d5c-4e44-b2ff-a52edf19716e&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110227&tt=0413_1&babsrc=HP_ss&mntrId=fc9ca2d4000000000000f46d04e0dcd3 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.babylon.com/?affID=113931&tt=3512_3&babsrc=HP_ss&mntrId=fc9ca2d4000000000000f46d04e0dcd3 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c503a1e3-9d5c-4e44-b2ff-a52edf19716e&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c503a1e3-9d5c-4e44-b2ff-a52edf19716e&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {70BA3E6B-1059-2266-0B2C-40E4A85231B8} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c503a1e3-9d5c-4e44-b2ff-a52edf19716e&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110227&tt=0413_1&babsrc=SP_ss&mntrId=fc9ca2d4000000000000f46d04e0dcd3 IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc IE - HKCU\..\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8}: "URL" = hxxp://www.ddlstart.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=750&product_id=872&affiliate_id=&channel=&toolbar_id=200&toolba r_version=2.5.0&install_country=SE&install_date=20120829&user_guid=0F1E5236B4E94102872AC32A019021BD&machine_id=871a4301b0c7ef8673a170cee1435e05&browse r=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=1234507008324437&p2=^A9T^YYYYYY^YY^DE&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyMtvnQR1&i=26 IE - HKCU\..\SearchScopes\{E6F8FE7C-C18F-410C-A5D2-EE08DB003675}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.6.1095.52 FF - prefs.js..extensions.enabledAddons: %7B1d8566bd-f06f-4029-a3be-ba80af5a09f3%7D:3.16.0.3 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/31 18:33:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/31 18:33:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/31 18:33:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/07 19:14:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/22 21:57:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Users\Alexander\AppData\Local\Mozilla Firefox\components [2013/02/06 10:26:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/07 21:23:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/07 19:14:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/01/21 17:39:56 | 000,000,000 | ---D | M] [2012/08/28 15:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions [2013/02/01 22:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions [2013/02/01 22:47:39 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} [2012/06/14 22:24:21 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2013/02/01 21:32:19 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2013/01/21 17:39:47 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\ffxtlbr@babylon.com [2012/08/29 07:33:59 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\ffxtlbr@incredibar.com [2012/08/29 08:38:24 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\helperbar@helperbar.com [2012/03/31 23:25:57 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\software@loadtubes.com [2013/02/01 22:47:38 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013/02/01 21:32:14 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/06/05 12:02:17 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012/12/09 19:03:18 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013/01/21 17:39:48 | 000,002,432 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\searchplugins\babylon1.xml [2012/08/29 07:33:46 | 000,002,203 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\searchplugins\MyStart Search.xml [2012/07/10 12:03:40 | 000,002,519 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\searchplugins\Search_Results.xml [2012/08/26 16:28:41 | 000,003,915 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\searchplugins\sweetim.xml [2012/08/29 08:38:23 | 000,002,401 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\searchplugins\Web Search.xml [2012/08/29 19:16:43 | 000,001,389 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c8vzjmdz.default\searchplugins\yahoo-zugo.xml [2012/09/26 13:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/11/02 11:27:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/09/22 21:57:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>  -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5[2013/01/21 17:39:56 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION [2012/04/14 23:24:30 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [2012/07/10 12:03:40 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?affID=110227&tt=0413_1&babsrc=HP_ss&mntrId=fc9ca2d4000000000000f46d04e0dcd3 CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\ CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\ CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: No name found = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {336D0C35-8A85-403a-B9D2-65C292C39087} - No CLSID value found. O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {336D0C35-8A85-403a-B9D2-65C292C39087} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe () O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACR Launcher.lnk = C:\Program Files (x86)\ACR\AutoClubRev\web\acrlauncher.exe () O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.01.2012_06-22.lnk = C:\Users\Alexander\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_02.01.2012_06-22\startup.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 61 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = Reg Error: Unknown registry data type File not found O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html File not found O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62D71BE2-9D6B-4ED6-B6F2-EEADD29E9560}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/09 03:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer [2013/02/09 03:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer [2013/02/09 03:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer [2013/02/07 20:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013/02/07 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Programs [2013/02/06 10:26:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Mozilla Firefox [2013/02/03 18:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013/02/03 07:01:56 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\fscabincrew [2013/02/02 20:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSrealWX [2013/02/02 00:07:28 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Autogenfsx [2013/02/01 20:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVAO [2013/02/01 19:37:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Flight Simulator X Files [2013/02/01 19:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations [2013/01/31 20:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2013/01/29 02:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FSacars [2013/01/29 01:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hoppie [2013/01/29 01:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hoppie [2013/01/23 15:37:02 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sim Giants [2013/01/22 15:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/01/21 17:40:07 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013/01/21 17:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013/01/21 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\BabSolution [2013/01/21 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2013/01/21 17:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2013/01/11 18:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013/01/11 18:19:51 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012/04/14 21:00:04 | 010,255,080 | ---- | C] (Lavalys, Inc. ) -- C:\Users\Alexander\everestultimate550.exe [2006/11/13 16:24:29 | 000,471,040 | ---- | C] (Dacris Software Inc.) -- C:\Program Files (x86)\NETXP.Win32.dll [2006/11/13 16:24:29 | 000,270,336 | ---- | C] (Dacris Software Inc.) -- C:\Program Files (x86)\NETXP.Controls.Bars.dll [2006/11/13 15:42:55 | 000,102,400 | ---- | C] (Dacris Software Inc.) -- C:\Program Files (x86)\NETXP.Library.dll [27 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/09 14:46:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-6122749-2738092227-322479413-1003UA.job [2013/02/09 14:32:59 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\defogger_reenable [2013/02/09 14:28:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013/02/09 14:18:03 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/09 14:18:03 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/09 14:16:54 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/09 14:16:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/09 14:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/09 12:32:31 | 001,645,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/09 12:32:31 | 000,708,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/09 12:32:31 | 000,664,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/09 12:32:31 | 000,152,090 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/09 12:32:31 | 000,125,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/09 12:29:29 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/09 12:27:24 | 522,944,511 | -HS- | M] () -- C:\hiberfil.sys [2013/02/09 03:04:30 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk [2013/02/08 22:46:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-6122749-2738092227-322479413-1003Core.job [2013/02/07 20:30:27 | 000,000,566 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013/02/07 14:51:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/01 14:42:58 | 000,304,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/31 13:23:28 | 000,002,050 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013/01/14 15:24:51 | 000,001,114 | ---- | M] () -- C:\Users\Alexander\Desktop\Teamspeak 2 RC2.lnk [2013/01/13 16:06:35 | 000,005,543 | ---- | M] () -- C:\Program Files (x86)\settings.xml [27 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/09 14:32:59 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\defogger_reenable [2013/02/09 03:04:30 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk [2013/02/07 20:30:27 | 000,000,566 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013/02/07 14:51:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/03 18:04:18 | 000,000,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013/01/14 15:24:51 | 000,001,114 | ---- | C] () -- C:\Users\Alexander\Desktop\Teamspeak 2 RC2.lnk [2012/12/31 00:16:51 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012/12/05 17:24:44 | 000,005,543 | ---- | C] () -- C:\Program Files (x86)\settings.xml [2012/10/28 03:22:58 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI [2012/10/15 15:49:43 | 000,007,606 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg [2012/10/15 15:38:14 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini [2012/09/26 12:54:41 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2012/08/20 12:40:09 | 001,622,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/08/17 12:37:05 | 000,000,179 | ---- | C] () -- C:\Users\Alexander\FSDreamTeam_GSX.reg [2012/08/07 12:18:09 | 000,002,098 | ---- | C] () -- C:\Users\Alexander\AppData\Local\recently-used.xbel [2012/07/05 17:44:24 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2012/06/15 21:55:46 | 000,001,965 | ---- | C] () -- C:\Users\Alexander\Audible Manager.lnk [2012/06/14 22:23:04 | 001,038,864 | ---- | C] () -- C:\Users\Alexander\Google-Updater-2-4.exe [2012/06/13 17:54:16 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012/06/05 23:19:09 | 000,002,030 | ---- | C] () -- C:\Users\Alexander\Sony PC Companion 2.1.lnk [2012/06/05 11:40:54 | 000,002,209 | ---- | C] () -- C:\Users\Alexander\TuneUp 1-Klick-Wartung.lnk [2012/06/05 11:40:54 | 000,002,189 | ---- | C] () -- C:\Users\Alexander\TuneUp Utilities 2012.lnk [2012/06/03 23:03:28 | 000,001,207 | ---- | C] () -- C:\Users\Alexander\Driver Genius Professional Edition.lnk [2012/04/28 00:33:49 | 000,002,517 | ---- | C] () -- C:\Users\Alexander\Skype.lnk [2012/04/27 22:17:43 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin [2012/04/15 13:22:42 | 000,001,231 | ---- | C] () -- C:\Users\Alexander\AIDA64 Extreme Edition.lnk [2012/04/14 21:00:34 | 000,001,122 | ---- | C] () -- C:\Users\Alexander\EVEREST Ultimate Edition.lnk [2012/04/09 23:02:11 | 000,000,080 | ---- | C] () -- C:\Users\Alexander\AppData\Local\X-Plane Installer.prf [2012/02/22 01:46:54 | 000,001,192 | ---- | C] () -- C:\Users\Alexander\OpenOffice.org 3.3.lnk [2012/02/06 13:56:35 | 000,001,007 | ---- | C] () -- C:\Users\Alexander\SpeedFan.lnk [2012/01/22 19:43:13 | 000,002,211 | ---- | C] () -- C:\Users\Alexander\Veoh Web Player.lnk [2012/01/22 19:41:56 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012/01/19 22:07:42 | 000,001,109 | ---- | C] () -- C:\Users\Alexander\ Malwarebytes Anti-Malware .lnk [2012/01/19 20:52:56 | 000,001,020 | ---- | C] () -- C:\Users\Alexander\City Life.lnk [2012/01/08 02:52:05 | 000,000,921 | ---- | C] () -- C:\Users\Alexander\Steam.lnk [2012/01/08 00:42:33 | 000,001,031 | ---- | C] () -- C:\Users\Alexander\PhotoScape.lnk [2012/01/07 21:49:25 | 000,002,255 | ---- | C] () -- C:\Users\Alexander\Google Chrome.lnk [2012/01/07 21:38:21 | 000,001,890 | ---- | C] () -- C:\Users\Alexander\IrfanView Thumbnails.lnk [2012/01/07 21:38:21 | 000,000,998 | ---- | C] () -- C:\Users\Alexander\IrfanView.lnk [2012/01/07 19:13:37 | 000,001,355 | ---- | C] () -- C:\Users\Alexander\HP Solution Center.lnk [2012/01/07 19:08:38 | 000,241,145 | ---- | C] () -- C:\Windows\hpwins28.dat [2012/01/07 18:14:07 | 000,017,408 | ---- | C] () -- C:\Users\Alexander\AppData\Local\WebpageIcons.db [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/05/06 23:26:35 | 000,001,726 | ---- | C] () -- C:\Users\Alexander\ASUS Backup Wizard.lnk [2011/05/06 23:26:24 | 000,002,032 | ---- | C] () -- C:\Users\Alexander\ASUS Vibe Fun Center.lnk [2011/05/06 23:25:41 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2011/05/06 23:25:06 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/05/06 23:25:00 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll [2011/05/06 23:25:00 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011/05/06 23:25:00 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011/05/06 23:25:00 | 000,001,664 | ---- | C] () -- C:\Users\Alexander\AI Manager.lnk [2011/05/06 23:20:31 | 000,002,023 | ---- | C] () -- C:\Users\Alexander\Adobe Reader X.lnk [2011/05/06 23:14:07 | 000,008,964 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011/05/06 23:14:01 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2011/05/06 23:14:01 | 000,005,572 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011/05/06 23:14:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/05/06 22:56:35 | 034,698,455 | ---- | C] () -- C:\Users\Alexander\CM6730_User Manual.pdf [2007/02/25 16:28:00 | 000,819,712 | ---- | C] () -- C:\Program Files (x86)\VATroute.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/09/26 13:05:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\.minecraft [2012/02/07 00:24:08 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\AbiSuite [2012/02/28 20:13:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Anvsoft [2013/01/21 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\BabSolution [2012/08/26 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Babylon [2012/08/29 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\BabylonToolbar [2012/06/23 01:26:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Disposition [2013/02/03 07:01:56 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\fscabincrew [2012/01/11 17:13:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Greenshot [2012/01/07 21:38:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\IrfanView [2012/09/25 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\IVAO [2012/07/08 08:38:49 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Lockheed Martin [2012/08/29 07:33:29 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mobile Action [2012/08/31 08:55:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MyPhoneExplorer [2012/03/25 22:38:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Need for Speed World [2012/08/29 08:55:37 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Notepad++ [2012/01/22 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\OCS [2012/01/22 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Opera [2012/08/29 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Optimizer Pro [2012/01/08 00:52:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\PhotoScape [2012/10/26 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ScummVM [2012/05/01 19:15:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Sony [2012/01/07 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Thunderbird [2012/08/29 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TP [2012/10/15 17:01:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TuneUp Software [2012/11/05 21:29:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Utherverse [2012/07/22 19:51:51 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\VAT-Spy [2012/09/26 00:40:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Virtuali [2012/11/12 00:46:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\wargaming.net [2012/01/08 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Wireshark ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:74603393 < End of report > Extra: OTL Extras logfile created on: 2/9/2013 2:47:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NordAlex\Documents\Flight Simulator X-Dateien 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.98 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 71.51% Memory free 11.96 Gb Paging File | 9.66 Gb Available in Paging File | 80.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 372.60 Gb Total Space | 235.70 Gb Free Space | 63.26% Space Free | Partition Type: NTFS Drive D: | 544.72 Gb Total Space | 165.50 Gb Free Space | 30.38% Space Free | Partition Type: NTFS Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\Alexander\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DA4DF3-B63D-4C95-8974-82C0B39FFAEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{079B6CA0-A708-4619-BA0F-D6D7C6F81839}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{08752DDE-A5FC-4266-959D-E614B5575EC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{1C1DC3F3-B1A5-41A6-9F65-760CF47648C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{261A54B4-EC44-438F-8BFF-09214A57AAF5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2907D9F4-EB75-4051-8945-9A6BBB5C90DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2D0EA0F6-F5C2-46D3-A203-614B42411055}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4518A066-B4C7-40E6-B799-8F7C3D08DB08}" = lport=139 | protocol=6 | dir=in | app=system | "{4D62EEFD-AB57-4885-8FED-D53C08D9B30F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4DFA3268-3AE3-4F31-86DF-C96E61129657}" = rport=138 | protocol=17 | dir=out | app=system | "{57FA64C8-D742-4250-A153-D75F5AD40A55}" = lport=137 | protocol=17 | dir=in | app=system | "{63D7FCBA-8942-4A50-BFF6-4009170F6C2A}" = rport=10243 | protocol=6 | dir=out | app=system | "{705E17BA-8918-4F0B-B683-A9F3F19A9D12}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7FE1EB18-0664-41EE-820E-4956AA2E2726}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88A99F31-F23F-4CEE-A350-58B7B3D98EEC}" = lport=138 | protocol=17 | dir=in | app=system | "{8DCDFB6B-1220-4C53-A824-0375570A6482}" = rport=139 | protocol=6 | dir=out | app=system | "{A0F20A39-772E-4D71-88F8-A828975AB4AB}" = lport=10243 | protocol=6 | dir=in | app=system | "{A7C1B8F8-A000-42A1-B292-9084CF8D7EE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF465B9A-1A5A-45EE-844C-36A536FE5A1B}" = rport=137 | protocol=17 | dir=out | app=system | "{B36FE96F-E682-4F58-B76D-1706A31F8BD2}" = rport=445 | protocol=6 | dir=out | app=system | "{BF2144D5-63A2-4C9A-A4FF-6861C3510888}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C43D0BF7-0BFB-488F-B5A8-B86CF5BCD1D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFED87E4-40F9-4B09-A290-6FAB1B8AFD23}" = lport=445 | protocol=6 | dir=in | app=system | "{DE4B7BC4-1DC9-4084-8B10-9A1A976A8BAF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E64DAA65-6B12-4B06-8624-96D34B773D14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{080DC815-6F67-4C12-A126-B3459AF26B08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{09DDA94B-A855-4661-8091-BEE0C358190B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{0AEBFB4A-586E-4AF6-AFB7-B2AA24E99573}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0F9C5871-BA94-43B9-89D9-3094FDB0BED8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{117D39E1-C4A4-45C6-84B3-42CCC5822361}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{12574AE7-A4EA-4402-857D-BF776611F51E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{16ED94E5-7CD4-4052-AA02-D08EAE5B313B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{186150F1-B47A-4C38-A9DD-2199620128A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1DC32024-3F92-49A8-B05B-866EAA546F04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{1E6D4401-C0F7-4D85-88AE-87281C1F8756}" = dir=in | app=c:\program files (x86)\acr\autoclubrev\web\acrlauncher.exe | "{254A1AD9-DCCF-4D71-9373-A03002B76AAE}" = dir=in | app=c:\program files (x86)\acr\autoclubrev\bin\acr.exe | "{26C0A041-28D3-4D72-9525-7FD15C3A0314}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2E795BEB-3207-4020-BFE8-498FBC88AD4E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{35BDAD69-9F78-4906-B6A2-7E9201B873A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B91C738-BBDD-4864-804A-96C83E2CF2FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{4569BB98-9DDD-48B3-9D81-7141A352C89E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{47B24A46-E22F-4031-8457-FAFDCF92FA60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{4995C4B0-2BC8-4470-90EA-CDCA130AE3E8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4DFA4F0E-3DFE-45C5-8552-C4342A436741}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{4E10B0C3-DD7B-4B04-B6D3-2E3EFE617013}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{51388396-451F-476E-8AE4-D0864DC0DB8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63A72291-0C3E-4CB2-8653-EF653BF862C3}" = dir=in | app=c:\program files (x86)\acr\autoclubrev\bin\acr.exe | "{655DCE01-1E15-4DA3-9510-53DEC1F99DD0}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{68A6DDFB-B342-42C3-97C1-6166D30D7B06}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{68CB7933-2231-4B24-8FDD-29F87367A1CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{6CFF4065-BE9E-4089-949B-BCA0ACDCD20D}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | "{6D801370-AFFD-40F0-8636-E1570C9BA430}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6EC929F7-50E7-43A1-8535-564A17FFFDDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{710CB609-7311-4490-80F3-AA3B1B58A2DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{7C07CEF1-E196-49ED-B36A-CF1DEA5EB9CF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7E25D641-D44E-4E16-81FC-81CE37140704}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7FB9F313-2526-4CC9-9521-01D5C4E7AD64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{8CA9A7EC-25F7-4EB6-B46E-D98A7C0261AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8CB2752C-E9B8-4442-B8D5-37A76F446882}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8EB1043E-C7EA-493D-A21E-A0ECC03A28AD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{98241342-3255-4772-9C59-8CF91695C1C1}" = protocol=6 | dir=out | app=system | "{9AB28E4E-96C6-4973-9599-186007F25E26}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{9EBE6A8F-5FE1-4F3F-B98E-465EBB701C60}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{A08A7319-44B5-40F6-81FB-02AC94B32327}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A13FC868-8C6C-44F3-A47D-9731C5E5EDAD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{A18FF8BE-A1E8-43E4-813D-8F1FB5CD9A12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{A365A5E7-F466-41F8-8F59-739EDAF2E682}" = protocol=6 | dir=in | app=c:\users\alexander\appdata\local\directdownloader\directdownloader.exe | "{AA401100-EBBB-4CA7-AD29-DB6FCCE512A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ABCB573C-F162-4DC3-B62D-630027ED7C66}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{AE70A23C-93F2-4964-A43D-E80CDBAC7934}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AECE8C1F-294F-46CE-A24C-B2AAFF2ED1B8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{AF46B317-E92B-47B7-83F9-13431F817E3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{B647678F-5737-41BB-88CA-D0722584A771}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B89376C8-BD87-49C5-B144-23C4A92AC723}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC4894C7-1819-4422-B288-B47E1EA8C3CB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BCB5A9A0-AAA2-4F91-A219-A4DB5CC4500E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BF0284BA-6855-4AB8-BAF5-92CF6A746F23}" = protocol=17 | dir=in | app=c:\users\alexander\appdata\local\directdownloader\directdownloader.exe | "{C2005E35-92EB-4B11-A7E2-F09B5545238B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{CAC5891D-AFC0-461F-ACE9-FC54CBB963F5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{CC5C36D7-CFDB-4FFA-A692-6B4DDFD48AAF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CF658CD9-E4A9-4913-BEC5-258513742F4D}" = protocol=6 | dir=in | app=c:\users\alexander\appdata\local\directdownloader\directdownloader.exe | "{D44C5C53-5445-4C62-815A-AFEDBE0F3F9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D4DDDFF3-F5B5-4353-8D77-07156DA6FEAE}" = dir=in | app=c:\program files (x86)\acr\autoclubrev\web\acrlauncher.exe | "{E2111A0B-E531-458F-9EE7-800AA922056F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{EA358F31-56B8-4472-8738-32E5C26DF313}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{EFB96C77-5FDA-4FEE-B002-4BFF080470F7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{F0D4DE49-4B94-4D86-ADC1-DC94EFD91944}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE369E27-F2A9-44EE-AAA0-DE4C84F2BB51}" = protocol=17 | dir=in | app=c:\users\alexander\appdata\local\directdownloader\directdownloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64 "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.8.2 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Logitech Gaming Software" = Logitech Gaming Software 8.20 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Shop for HP Supplies" = Shop for HP Supplies "WinRAR archiver" = WinRAR 4.20 (64-Bit) "WNLT" = Web Optimizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{038B91F1-D33B-4A9C-9F84-2DF19DD04524}" = FollowMe "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{07CC448E-4FFC-444F-999D-10F11AE559FB}" = aerosoft's - Mallorca X for FSX "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{14DE6A13-C4C8-4772-A37C-E4B3B0A86A1F}" = DSL Connection Manager "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 4.0.0 "{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AC856F9-4ED3-4C78-B5DF-2E12FF441453}" = FS Cabin Crew German Edition "{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{71BF30F2-22A8-454B-B3E9-AB750194EB5C}" = *tmx spanisch "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.116.12060 "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CECDEFF3-354E-4D1D-B69D-E3B1590AA807}" = *tmx spanisch "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar "{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}" = aerosoft's - German Airports 3 - 2012 (Hamburg FSX) "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1 for FSX "{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AbiWord2" = AbiWord 2.9.2 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30 "Akamai" = Akamai NetSession Interface Service "Asus Vibe2.0" = AsusVibe2.0 "AudibleManager" = AudibleManager "BabylonToolbar" = Babylon toolbar "City Life" = City Life "CPDLC_is1" = CPDLC 1.5.1 "DivX Setup" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "Fraps" = Fraps "FSDreamTeam GSX_is1" = FSDreamTeam GSX 1.6 "FSrealWX lite_is1" = FSrealWX lite version 1.06.1475 "Google Updater" = Google Updater "Greenshot_is1" = Greenshot "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "IrfanView" = IrfanView (remove only) "IvAp-v2_is1" = IvAp v1.9.8 (build 2138) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "MyKeyFinder_is1" = MyKeyFinder "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Optimizer Pro_is1" = Optimizer Pro v3.0 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QuteScoop 2.0rc21" = QuteScoop "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "SpeedFan" = SpeedFan (remove only) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "TOPCAT" = TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool "VATroute" = VATroute 0.0.1.021 "VATSpy" = VAT-Spy "Veoh Web Player Beta" = Veoh Web Player "ViewpointMediaPlayer" = Viewpoint Media Player "VIRTUALI Addon ManagerX 2.9.0.4_is1" = VIRTUALI Addon ManagerX "VIRTUALI Addon ManagerX 2.9.0.5_is1" = VIRTUALI Addon ManagerX "VIRTUALI Addon ManagerX 2.9.0.6_is1" = VIRTUALI Addon ManagerX "VLC media player" = VLC media player 2.0.0 "WET - The Sexy Empire" = WET - The Sexy Empire "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DirectDownloader" = DirectDownloader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/6/2013 9:27:10 PM | Computer Name = Alexander-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61637.0, Zeitstempel: 0x46fadb14 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04246c81 ID des fehlerhaften Prozesses: 0x1504 Startzeit der fehlerhaften Anwendung: 0x01cdec5ef137dee6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5ac4624e-5869-11e2-9e7c-f46d04e0dcd3 Error - 1/7/2013 2:41:04 PM | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10 Description = Error - 1/8/2013 5:42:45 AM | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10 Description = Error - 1/9/2013 4:47:49 AM | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10 Description = Error - 1/9/2013 2:10:54 PM | Computer Name = Alexander-PC | Source = .NET Runtime Optimization Service | ID = 1107 Description = Error - 1/9/2013 2:10:54 PM | Computer Name = Alexander-PC | Source = .NET Runtime Optimization Service | ID = 1107 Description = Error - 1/9/2013 2:16:58 PM | Computer Name = Alexander-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 1/9/2013 2:18:05 PM | Computer Name = Alexander-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 1/10/2013 4:47:12 AM | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10 Description = Error - 1/11/2013 2:34:55 PM | Computer Name = Alexander-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fsx.exe, Version: 10.0.61637.0, Zeitstempel: 0x46fadb14 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04246c81 ID des fehlerhaften Prozesses: 0x1fb0 Startzeit der fehlerhaften Anwendung: 0x01cdf028f65e56f0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 97a7f318-5c1d-11e2-9b2f-f46d04e0dcd3 [ FxaaToolError Events ] Error - 1/29/2013 5:31:52 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error no such table: GameList bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Read() Error - 1/29/2013 6:35:33 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error no such table: GameList bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Read() Error - 1/29/2013 6:38:11 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error no such table: GameList bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Read() Error - 1/29/2013 6:39:34 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() Error - 1/29/2013 8:39:20 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() Error - 1/29/2013 8:41:35 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() Error - 1/29/2013 8:43:11 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() Error - 1/29/2013 8:44:22 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() Error - 1/29/2013 8:49:59 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() Error - 1/29/2013 8:50:35 PM | Computer Name = Alexander-PC | Source = FxaaToolError | ID = 0 Description = System.Data.SQLite.SQLiteException (0x80004005): SQLite error duplicate column name: Shader6 bei System.Data.SQLite.SQLite3.Prepare(SQLiteConnection cnn, String strSql, SQLiteStatement previous, UInt32 timeoutMS, String& strRemain) bei System.Data.SQLite.SQLiteCommand.BuildNextCommand() bei System.Data.SQLite.SQLiteCommand.GetStatement(Int32 index) bei System.Data.SQLite.SQLiteDataReader.NextResult() bei System.Data.SQLite.SQLiteDataReader..ctor(SQLiteCommand cmd, CommandBehavior behave) bei System.Data.SQLite.SQLiteCommand.ExecuteReader(CommandBehavior behavior) bei System.Data.SQLite.SQLiteCommand.ExecuteReader() bei FXAA_Tool.SQLite.Write() [ System Events ] Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = DCOM | ID = 10005 Description = Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:35:51 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/9/2013 6:44:02 AM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Viele Grüße Alex |
|
11.02.2013, 12:30
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | AdWare.Win32.Bromngr.h Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Zitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
11.02.2013, 17:56
| #3 |
| | AdWare.Win32.Bromngr.h Hallo und guten Tag,
__________________das ist die Log- File von heute. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEXANDER-PC [administrator]
11.02.2013 17:50:35
mbar-log-2013-02-11 (17-50-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29681
Time elapsed: 5 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Alex Hoffendlich habe ich es richtig gemacht Er hat wie oben beschrieben jedoch nicht nach einem Neustart verlangt. |
|
11.02.2013, 23:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AdWare.Win32.Bromngr.h Hast du nicht was vergessen? Was ist mit dem Nachreichen der Kaspersky-Logs? Oder gab es von Kaspersky nur diesen Fund?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu AdWare.Win32.Bromngr.h |
| 0x80004005, babylontoolbar, bho, browser, browser manager, browserprotect.dll, desktop, downloader, driver genius, error, firefox, flash player, google, home, iminent toolbar, index, install.exe, kaspersky, launch, logfile, maleware, microsoft office starter 2010, mozilla, msiexec.exe, nvidia update, officejet, optimizer pro, plug-in, problem, programm, realtek, registry, scan, search the web, security, software, svchost.exe, tastatur, teamspeak, warnung, windows |
Linear-Darstellung
