| |
| |||||||
Log-Analyse und Auswertung: Win32/Small.CA-VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.03.2013, 17:55
| #1 |
| |  Win32/Small.CA-Virus Hallo, es gab hier zu schon mindestens einen Thread, allerdings wusste ich nicht ob ich in einen fremden thread schreiben soll, deswegen ein neuer. Habe wie derjenige aus diesem Thread eine Meldung bekommen, dass ich den Win32/Small.CA-Virus habe. als Schutz nutze ich auch Sophos. Den ersten Schritt habe ich schon befolgt. Hier die OTL.txt: Code:
ATTFilter OTL logfile created on: 04.03.2013 17:24:33 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,56% Memory free 7,86 Gb Paging File | 6,17 Gb Available in Paging File | 78,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 53,23 Gb Total Space | 10,80 Gb Free Space | 20,28% Space Free | Partition Type: NTFS Drive D: | 228,16 Gb Total Space | 95,74 Gb Free Space | 41,96% Space Free | Partition Type: NTFS Drive S: | 16,60 Gb Total Space | 9,55 Gb Free Space | 57,55% Space Free | Partition Type: NTFS Computer Name: PAULOLOID | User Name: paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.04 16:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2013.02.13 16:29:38 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2013.02.13 16:29:37 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2013.02.13 16:29:23 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.12.20 18:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.12.04 16:17:05 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012.11.09 20:30:26 | 000,353,640 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe PRC - [2012.11.09 20:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe PRC - [2012.11.09 20:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe PRC - [2012.11.05 11:03:01 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.10.23 21:08:05 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2012.09.28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe PRC - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe PRC - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe PRC - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe PRC - [2011.01.28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.28 01:13:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.21 07:18:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.13 16:29:38 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2013.02.13 16:29:23 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.12.04 16:17:05 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.12.04 16:16:57 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.11.09 20:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify) SRV - [2012.11.05 11:03:01 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.10.23 21:08:05 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.09.28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2010.10.21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2010.10.21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.21 01:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 03:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2009.03.30 03:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2008.07.10 04:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.31 18:48:00 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2) DRV:64bit: - [2012.12.06 17:25:14 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2012.11.06 11:19:24 | 000,461,624 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.11.05 11:06:09 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2011.08.25 02:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010.10.05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2010.10.05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.06 08:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2009.04.06 08:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2009.01.15 23:01:04 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR) DRV:64bit: - [2007.04.23 15:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt) DRV:64bit: - [2007.04.23 15:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex) DRV:64bit: - [2007.04.23 15:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm) DRV:64bit: - [2007.04.23 15:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl) DRV:64bit: - [2007.04.23 15:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 88 61 B6 49 B0 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9%7D:2.3.4 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.29 01:22:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.19 19:50:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.21 07:18:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.21 07:18:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 17:55:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.21 07:18:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.21 07:18:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 17:55:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.22 12:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\Extensions [2013.02.27 10:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\309djc83.default\extensions [2012.11.09 21:15:35 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\309djc83.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012.11.13 21:30:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\309djc83.default\extensions\ich@maltegoetz.de [2012.12.07 10:19:44 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\309djc83.default\extensions\autofillForms@blueimp.net.xpi [2012.11.25 22:17:48 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\309djc83.default\extensions\DivXWebPlayer@divx.com.xpi [2013.02.27 10:26:44 | 000,166,670 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\309djc83.default\extensions\info@mp3it.eu.xpi [2013.02.19 14:58:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\309djc83.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.02 08:56:14 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\paul\AppData\Roaming\mozilla\firefox\profiles\309djc83.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.02.21 12:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.21 07:18:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - Startup: C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.130.115.1 134.130.4.1 134.130.5.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23C96CC9-3792-4EA7-9055-70226056F1DF}: DhcpNameServer = 134.130.115.1 134.130.4.1 134.130.5.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F77A42FD-779A-4D0B-9A09-3ABA06EF326A}: NameServer = 192.168.140.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.12.19 14:25:50 | 000,000,000 | ---D | M] - S:\Automaten, Sprachen, Komplexität -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 17:24:09 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.03.04 16:27:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\OTL.exe [2013.03.01 21:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.01 17:26:32 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Hold'em_Manager [2013.03.01 17:20:50 | 000,000,000 | ---D | C] -- C:\HM2Archive [2013.03.01 17:20:41 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\HEM Data [2013.03.01 17:19:26 | 000,000,000 | ---D | C] -- D:\Neuer Ordner [2013.03.01 17:05:28 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Holdem Manager 1+2 Trial Reseter [2013.03.01 17:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC [2013.03.01 17:04:19 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\IsolatedStorage [2013.03.01 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\HoldemManager [2013.03.01 16:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4 [2013.03.01 16:45:06 | 000,000,000 | ---D | C] -- C:\postgreSQL [2013.03.01 16:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSQLINSTALL [2013.03.01 09:59:13 | 000,000,000 | ---D | C] -- D:\kramhausbrericht [2013.02.28 11:40:46 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\XnView [2013.02.27 14:04:58 | 000,000,000 | ---D | C] -- D:\Gmail [2013.02.27 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\paul\dwhelper [2013.02.25 15:10:20 | 000,000,000 | ---D | C] -- D:\poker [2013.02.23 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\FullTiltPoker.eu [2013.02.23 09:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu [2013.02.23 09:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker.Eu [2013.02.23 09:24:14 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\cache [2013.02.23 09:13:07 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\FullTiltPoker [2013.02.23 09:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker [2013.02.22 23:16:34 | 000,000,000 | ---D | C] -- D:\Guitar.Pro.v5.2 [2013.02.22 18:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV [2013.02.22 18:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV [2013.02.22 09:52:09 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker [2013.02.22 09:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker [2013.02.22 09:51:42 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\PacificPoker [2013.02.22 09:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker [2013.02.22 00:46:53 | 000,000,000 | ---D | C] -- C:\Users\paul\DesktopStart Menu [2013.02.22 00:46:53 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\888poker [2013.02.21 17:59:37 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\wacom bamboo ctl-460 [2013.02.21 17:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.21 16:34:17 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Updater [2013.02.21 16:33:46 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Adobe [2013.02.21 16:32:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.02.21 16:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.02.21 16:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.02.21 16:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.21 16:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.21 16:27:59 | 000,000,000 | ---D | C] -- C:\PS_CS2_Gr_NonRet [2013.02.21 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\WTablet [2013.02.21 16:13:01 | 000,749,936 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll [2013.02.21 16:13:01 | 000,642,928 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll [2013.02.21 16:12:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo [2013.02.21 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins [2013.02.21 16:12:55 | 000,018,288 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys [2013.02.21 16:12:48 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys [2013.02.21 16:12:26 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys [2013.02.21 16:12:24 | 000,756,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll [2013.02.21 16:12:24 | 000,650,096 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll [2013.02.21 16:12:24 | 000,600,432 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll [2013.02.21 16:12:24 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll [2013.02.21 16:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet [2013.02.21 07:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.11 13:40:00 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\OpenOffice.org [2013.02.11 13:15:54 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 [2013.02.11 13:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.02.11 01:43:38 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\DDMSettings [2013.02.10 00:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2013.02.10 00:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.02.10 00:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2013.02.10 00:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2013.02.10 00:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.02.07 09:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.07 09:38:59 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Local\Google [2013.02.06 11:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2013.02.05 11:03:43 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\anwalt [2013.02.04 12:34:36 | 000,000,000 | ---D | C] -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows [2013.02.04 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows [2013.02.04 12:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FBReader ========== Files - Modified Within 30 Days ========== [2013.03.04 17:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.04 16:39:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.04 16:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe [2013.03.04 14:10:42 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 14:10:42 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 14:07:49 | 001,799,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.04 14:07:49 | 000,763,042 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.04 14:07:49 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.04 14:07:49 | 000,173,396 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.04 14:07:49 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.04 14:04:44 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job [2013.03.04 14:03:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 14:02:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 14:02:26 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 17:32:29 | 001,046,142 | ---- | M] () -- D:\mcdonalds_gutscheine.pdf [2013.03.02 15:06:31 | 000,045,188 | ---- | M] () -- D:\102707772_0000000000_B_20130301_I_26_0090.pdf [2013.03.01 10:26:43 | 000,252,004 | ---- | M] () -- D:\oeg-antrag.pdf [2013.03.01 10:26:08 | 000,045,312 | ---- | M] () -- D:\img-301102257-0001.pdf [2013.03.01 10:25:22 | 000,145,642 | ---- | M] () -- D:\img-301102417-0001.pdf [2013.03.01 10:15:13 | 000,208,955 | ---- | M] () -- D:\dak anfrage.pdf [2013.03.01 10:14:25 | 000,044,788 | ---- | M] () -- D:\uniklinik rechnung.pdf [2013.03.01 10:12:38 | 000,214,648 | ---- | M] () -- D:\img-301101123-0001.pdf [2013.03.01 09:59:07 | 000,370,919 | ---- | M] () -- D:\krank.2-johanes-blat-4.pdf [2013.03.01 09:52:14 | 000,359,490 | ---- | M] () -- D:\Kuendigung_ZDP1_000008646936_20121212.pdf [2013.03.01 09:07:00 | 000,354,438 | ---- | M] () -- D:\base-kundigung.pdf [2013.03.01 08:43:51 | 000,100,332 | ---- | M] () -- D:\268101_494460703950756_2142870780_n.jpg [2013.02.28 23:33:45 | 002,988,211 | ---- | M] () -- D:\DSCF1581.JPG [2013.02.27 14:04:38 | 002,118,653 | ---- | M] () -- D:\Gmail.zip [2013.02.27 10:19:47 | 152,646,114 | ---- | M] () -- D:\Das Universum in der Nussschale - Hörbuch.mp4 [2013.02.26 09:04:06 | 000,044,940 | ---- | M] () -- D:\Info-Klausur.pdf [2013.02.25 15:12:33 | 001,122,368 | ---- | M] () -- D:\Eigene Dokumente\personeu.zip [2013.02.25 08:31:34 | 000,301,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.23 09:24:43 | 021,748,128 | ---- | M] () -- C:\Users\paul\AppData\Local\TempFullTiltPokerEuSetup.exe [2013.02.22 15:48:47 | 004,321,963 | ---- | M] () -- D:\Eigene Dokumente\HoldemPoker-a3116-mf.apk [2013.02.22 13:12:19 | 001,026,117 | ---- | M] () -- D:\Zusammenschrift BS_WS12-13.pdf [2013.02.14 15:27:38 | 000,310,648 | ---- | M] () -- D:\Eigene Dokumente\perso.7z [2013.02.11 10:58:12 | 001,657,066 | ---- | M] () -- D:\Eigene Dokumente\akku polarcell.pdf [2013.02.07 11:51:00 | 011,272,038 | ---- | M] () -- D:\Eigene Dokumente\309djc83.default - Kopie.zip [2013.02.05 21:11:42 | 000,001,043 | ---- | M] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk [2013.02.04 12:34:36 | 000,001,879 | ---- | M] () -- C:\Users\paul\DesktopFBReader.lnk [2013.02.02 19:01:57 | 000,000,943 | ---- | M] () -- D:\THIT.lnk ========== Files Created - No Company Name ========== [2013.03.02 17:32:28 | 001,046,142 | ---- | C] () -- D:\mcdonalds_gutscheine.pdf [2013.03.02 15:06:29 | 000,045,188 | ---- | C] () -- D:\102707772_0000000000_B_20130301_I_26_0090.pdf [2013.03.01 10:26:42 | 000,252,004 | ---- | C] () -- D:\oeg-antrag.pdf [2013.03.01 10:26:08 | 000,045,312 | ---- | C] () -- D:\img-301102257-0001.pdf [2013.03.01 10:25:21 | 000,145,642 | ---- | C] () -- D:\img-301102417-0001.pdf [2013.03.01 10:15:12 | 000,208,955 | ---- | C] () -- D:\dak anfrage.pdf [2013.03.01 10:14:24 | 000,044,788 | ---- | C] () -- D:\uniklinik rechnung.pdf [2013.03.01 10:12:38 | 000,214,648 | ---- | C] () -- D:\img-301101123-0001.pdf [2013.03.01 09:52:14 | 000,359,490 | ---- | C] () -- D:\Kuendigung_ZDP1_000008646936_20121212.pdf [2013.03.01 09:06:59 | 000,354,438 | ---- | C] () -- D:\base-kundigung.pdf [2013.03.01 08:43:49 | 000,100,332 | ---- | C] () -- D:\268101_494460703950756_2142870780_n.jpg [2013.02.28 23:33:43 | 002,988,211 | ---- | C] () -- D:\DSCF1581.JPG [2013.02.27 14:04:36 | 002,118,653 | ---- | C] () -- D:\Gmail.zip [2013.02.27 14:04:30 | 000,370,919 | ---- | C] () -- D:\krank.2-johanes-blat-4.pdf [2013.02.27 10:19:32 | 152,646,114 | ---- | C] () -- D:\Das Universum in der Nussschale - Hörbuch.mp4 [2013.02.26 09:04:04 | 000,044,940 | ---- | C] () -- D:\Info-Klausur.pdf [2013.02.25 15:12:33 | 001,122,368 | ---- | C] () -- D:\Eigene Dokumente\personeu.zip [2013.02.23 09:24:43 | 021,748,128 | ---- | C] () -- C:\Users\paul\AppData\Local\TempFullTiltPokerEuSetup.exe [2013.02.22 15:48:46 | 004,321,963 | ---- | C] () -- D:\Eigene Dokumente\HoldemPoker-a3116-mf.apk [2013.02.22 13:12:18 | 001,026,117 | ---- | C] () -- D:\Zusammenschrift BS_WS12-13.pdf [2013.02.21 16:32:26 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2013.02.21 16:31:49 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2013.02.21 16:31:20 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2013.02.21 16:31:19 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2013.02.21 12:57:23 | 146,997,248 | ---- | C] () -- D:\Eigene Dokumente\DANIEL~1.ISO [2013.02.14 15:27:37 | 000,310,648 | ---- | C] () -- D:\Eigene Dokumente\perso.7z [2013.02.11 10:58:11 | 001,657,066 | ---- | C] () -- D:\Eigene Dokumente\akku polarcell.pdf [2013.02.07 11:51:13 | 011,272,038 | ---- | C] () -- D:\Eigene Dokumente\309djc83.default - Kopie.zip [2013.02.07 09:39:18 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.07 09:39:17 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.05 21:12:19 | 000,001,043 | ---- | C] () -- C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk [2013.02.04 12:34:36 | 000,001,879 | ---- | C] () -- C:\Users\paul\DesktopFBReader.lnk [2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.12.04 12:32:16 | 000,009,130 | ---- | C] () -- C:\Users\paul\AppData\Local\recently-used.xbel [2012.10.18 17:27:42 | 001,777,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.18 16:29:48 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.04 14:20:21 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\BOM [2012.12.29 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Broken Sword 2.5 [2013.01.29 01:22:54 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DVDVideoSoft [2013.01.29 01:25:58 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.18 16:39:40 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\e-academy Inc [2012.10.29 07:55:47 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Foxit Software [2013.03.01 17:20:41 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\HEM Data [2013.03.01 17:33:30 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\HoldemManager [2012.12.09 16:04:19 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\MAGIX [2012.10.23 14:29:33 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Notepad++ [2013.02.11 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\OpenOffice.org [2013.02.22 09:52:16 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\PacificPoker [2012.11.21 20:49:56 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\phonostar GmbH [2013.01.31 07:17:57 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Samsung [2012.11.25 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Spotify [2012.12.17 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Subversion [2012.12.06 18:11:32 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Synaptics [2012.10.18 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Thunderbird [2012.10.21 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Xerox [2013.02.28 11:41:13 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\XnView [2012.11.18 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\paul\AppData\Roaming\Zylom ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.18 15:35:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.03.04 16:25:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.10.18 15:35:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.03.01 17:21:15 | 000,000,000 | ---D | M] -- C:\HM2Archive [2012.10.22 17:42:51 | 000,000,000 | ---D | M] -- C:\Intel [2012.12.09 15:10:39 | 000,000,000 | ---D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.01 16:48:52 | 000,000,000 | ---D | M] -- C:\postgreSQL [2013.02.21 16:12:22 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.03 22:36:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.03 22:36:11 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.10.18 15:35:07 | 000,000,000 | -HSD | M] -- C:\Programme [2013.02.21 16:28:07 | 000,000,000 | ---D | M] -- C:\PS_CS2_Gr_NonRet [2012.10.18 15:35:08 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.03.04 17:26:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.03.01 16:48:12 | 000,000,000 | R--D | M] -- C:\Users [2013.03.04 17:24:09 | 000,000,000 | ---D | M] -- C:\Windows [2013.01.31 06:53:30 | 000,000,000 | ---D | M] -- C:\WMSDK < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2013.02.23 09:24:43 | 021,748,128 | ---- | M] () -- C:\Users\paul\AppData\Local\TempFullTiltPokerEuSetup.exe < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,026,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.18 16:15:16 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.12.17 16:38:27 | 000,000,544 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job [2013.02.07 09:39:17 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.02.07 09:39:18 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.01.26 23:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2012b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.04 12:34:36 | 000,001,879 | ---- | M] () -- C:\Users\paul\DesktopFBReader.lnk [2013.03.04 17:48:32 | 006,815,744 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT [2013.03.04 17:48:31 | 000,262,144 | -HS- | M] () -- C:\Users\paul\ntuser.dat.LOG1 [2012.10.18 15:35:18 | 000,000,000 | -HS- | M] () -- C:\Users\paul\ntuser.dat.LOG2 [2012.10.18 17:36:41 | 000,065,536 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.10.18 17:36:41 | 000,524,288 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.10.18 17:36:41 | 000,524,288 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.13 22:06:14 | 000,065,536 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{de4345b9-42f4-11e2-a098-00262285f698}.TM.blf [2012.12.13 22:06:14 | 000,524,288 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{de4345b9-42f4-11e2-a098-00262285f698}.TMContainer00000000000000000001.regtrans-ms [2012.12.13 22:06:14 | 000,524,288 | -HS- | M] () -- C:\Users\paul\NTUSER.DAT{de4345b9-42f4-11e2-a098-00262285f698}.TMContainer00000000000000000002.regtrans-ms [2012.10.18 15:35:18 | 000,000,020 | -HS- | M] () -- C:\Users\paul\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.03.2013 16:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,64% Memory free
7,86 Gb Paging File | 5,76 Gb Available in Paging File | 73,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53,23 Gb Total Space | 10,90 Gb Free Space | 20,48% Space Free | Partition Type: NTFS
Drive D: | 228,16 Gb Total Space | 95,84 Gb Free Space | 42,00% Space Free | Partition Type: NTFS
Drive S: | 16,60 Gb Total Space | 9,55 Gb Free Space | 57,55% Space Free | Partition Type: NTFS
Computer Name: PAULOLOID | User Name: paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B7ACD7-C695-42F9-9874-D3D47172C846}" = lport=5223 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{081D7D64-481A-4E40-9539-3E5F74336323}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0A41C453-71E9-4DBF-8639-1C33AD7041FB}" = lport=3479 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{0C5C00C8-9F76-4B19-93BE-9E1A57C7B0A2}" = lport=59278 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{0D4193BA-2FEF-4EB1-8F38-528E757231E8}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{17BAE82A-0D6C-4363-B61F-232030124064}" = lport=3478 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{1A5E4F09-4182-49B3-BC18-5AE4A7481453}" = lport=5000 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{22E4320E-5931-45A9-A66C-5B371242E9C9}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{2B4B8F0C-D6A0-4E83-8EF5-AF3A83A0F07D}" = lport=3074 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{32E7EDED-0443-4C2E-A80E-3264ED2A249E}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{330194B1-23B2-4E1A-867C-5A03A51A8824}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{362C89CE-9A85-4E6C-896F-A9BE1376D90E}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{3E418092-BC5B-42CD-BAF6-BD0D83D8A7AA}" = lport=3658 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{412EC3BF-4AF9-4F7D-8F53-EFFEE193B564}" = lport=3074 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{510F8697-70B1-4B8C-A0D8-2A96CBCF5F1D}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{5654D1CF-8E70-45DA-8C3B-2B81C95E2394}" = lport=5000 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{5E11ECE9-A5F3-4E95-9B76-A7B1F4E90B3D}" = lport=3658 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{6BA76ED5-290F-4675-BDC2-C1CE1E56CCD5}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{6DF2823C-CC80-4AFA-A8C8-D84B605E996C}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{6F23C30D-9B25-4ECF-9733-19D90F7C73BB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{74697C36-496F-4341-8047-A9910EF49BF1}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{75E2E847-95BD-4558-90BB-85A04B66F19B}" = lport=88 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{7634B297-D848-4D20-99E3-3AD72D8E4F9D}" = lport=59278 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{83CF0ECC-B449-4FB6-9E04-2B523969E834}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8AE31961-5DEE-44F9-A3C8-AAEA4FEF538C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{910D0F92-194B-41BF-8D16-96EB9D9BE1A0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{96237285-3C82-47B3-B6EA-C7A916388DD5}" = lport=3479 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{A559EA7D-3A7C-4425-96F7-9DAE65B11FED}" = lport=3074 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{A7289EAE-0C2D-4456-B9F6-6DF5F6A859A5}" = lport=3478 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{A7512DB9-C68C-44B8-B0A5-2599D5EE0EFB}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{AB5C84E4-6B66-4EEB-B101-D5629FA84CE2}" = lport=5223 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{AEDF9ECB-DE56-4339-A3D1-837B369D7A3D}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{BCC06A35-C2F2-475E-A0C2-8890A1151418}" = lport=88 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{CF64995A-189F-4FC4-A097-14BDEEF951AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA7DD2A6-AAFE-445F-B1AF-87811C279C8F}" = lport=3074 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FA3D1B-AF21-4DA7-9E97-51C942D17A64}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{17DAB2E2-764B-4D55-89C2-DEF437C6186A}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{19F514C4-FC9C-4B53-B8AD-CBA08B8A0D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{21135E6D-D21B-4112-BB75-C29EE5FAF3B7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{216CD5B4-1479-42B0-9D15-56530B6A8165}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{2C660D18-263B-4DEF-8829-F80DDA597416}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{34644E52-3649-41DD-8D8E-A6C883AC9C4A}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe |
"{368DFF0B-16BE-41CF-8325-FE3FE133707F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3FED5D0D-4630-4C30-8E4E-A206E3A8CE1C}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{469EAA1C-F5BA-4C6F-957D-A0926AEB0C71}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{4AB82841-0C71-4C4F-A1AA-75DCC9CA1B27}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe |
"{55CBAC2B-5412-4A05-AD09-CF5895E54FE0}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{6B32B875-6074-43C6-80C1-08012D75FB87}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe |
"{6BE59EEA-AD7E-4593-94A7-971A7CFCE455}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe |
"{786B2572-5F66-45C0-B947-A37397623A87}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{7A5BA51C-01B9-4053-9A1A-31ECA912DF52}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{7F78E992-EAAD-4823-BF53-819CE0619253}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{801E9EC9-BC71-42ED-BEE4-FA438F57B906}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe |
"{85C1B70E-46E9-42F2-9163-41B948E2E497}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{8E28CB87-BCE2-4C29-A12B-74B3BE0E62DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9A2321B9-11CF-4203-8EA3-B59F7119E806}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{9A73A269-097E-4BF3-87EA-C5C4887B6C9E}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe |
"{A4243B9C-7E5C-4AF1-8FCC-C923C12FD698}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{AC82E124-D13A-4E42-8C44-E03BBCEFBB0A}" = protocol=1 | dir=in | name=icmp - in |
"{D0235B7F-B57C-4C23-8D0F-2F994F03953B}" = dir=out | app=c:\windows\system32\svchost.exe |
"{D167EAE8-F7C6-4F1C-8C0D-0402D9CCCB66}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe |
"{DD692795-22C1-44B5-9B19-D59428F37C91}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{E20F5C87-FEE0-489E-8343-174605C984DA}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{F4D61778-E3BD-4648-ACB1-BFC8885DCD89}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{F61C1521-27C8-47CF-BC71-E8E0AB7FB558}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe |
"TCP Query User{51A02E88-856D-4976-8CD5-10129A5C9BF1}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{BF9D3DCD-1C79-4E16-9757-E5AFB30D3A70}C:\users\paul\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D6A063AD-A095-4D72-B93F-24FAD462BDAC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{E8557CB0-7C67-45D2-8BC7-618E02E458A4}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{ED856B5B-B6A3-42FE-BE99-624CFF5AEF1D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{43C66E7A-6155-4DF9-9AE6-BEFD05DEC227}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{A8D1349C-E6EB-47C1-AC2E-8BD46B5D6B75}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{C9148A7D-1FAD-469A-B472-0085A5944057}C:\users\paul\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CDF763EC-0AC4-4FC0-8B36-BB227EC3DC60}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{F9239DDF-AC1A-4C95-992C-66C9431F9B5B}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Connectify" = Connectify Hotspot
"GIMP-2_is1" = GIMP 2.8.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Matlab R2012b" = MATLAB R2012b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Pen Tablet Driver" = Bamboo
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{353B1E6D-7073-4450-8C80-699BD8FCFB49}" = MTP Porting Kit
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"5513-1208-7298-9440" = JDownloader 0.9
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Broken Sword 2.5_is1" = Broken Sword 2.5
"DivX Setup" = DivX-Setup
"FBReader for Windows" = FBReader for Windows
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LinuxLive USB Creator" = LinuxLive USB Creator
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"PostgreSQL 8.4" = PostgreSQL 8.4
"Sync-my-L2P 1.0" = Sync-my-L2P
"The KMPlayer" = The KMPlayer (remove only)
"TmNationsForever_is1" = TmNationsForever
"Trivial Pursuit Genus Edition Deluxe" = Trivial Pursuit Genus Edition Deluxe
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLems_is1" = WinLems 1.24
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.03.2013 09:01:54 | Computer Name = pauloloid | Source = PostgreSQL | ID = 0
Description = 2013-03-02 14:01:54 CETFATAL: the database system is starting up
Error - 02.03.2013 09:02:25 | Computer Name = pauloloid | Source = PandoraService.exe | ID = 0
Description =
Error - 02.03.2013 09:02:43 | Computer Name = pauloloid | Source = WinMgmt | ID = 10
Description =
Error - 02.03.2013 09:48:03 | Computer Name = pauloloid | Source = PostgreSQL | ID = 0
Description = 2013-03-02 14:48:03 CETFATAL: the database system is starting up
Error - 02.03.2013 09:48:04 | Computer Name = pauloloid | Source = PostgreSQL | ID = 0
Description = 2013-03-02 14:48:04 CETFATAL: the database system is starting up
Error - 02.03.2013 09:48:18 | Computer Name = pauloloid | Source = PandoraService.exe | ID = 0
Description =
Error - 02.03.2013 09:49:16 | Computer Name = pauloloid | Source = WinMgmt | ID = 10
Description =
Error - 04.03.2013 09:03:11 | Computer Name = pauloloid | Source = PostgreSQL | ID = 0
Description = 2013-03-04 14:03:11 CETFATAL: the database system is starting up
Error - 04.03.2013 09:03:12 | Computer Name = pauloloid | Source = PostgreSQL | ID = 0
Description = 2013-03-04 14:03:12 CETFATAL: the database system is starting up
Error - 04.03.2013 09:04:17 | Computer Name = pauloloid | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.02.2013 19:39:44 | Computer Name = pauloloid | Source = ipnathlp | ID = 30013
Description =
Error - 26.02.2013 04:01:25 | Computer Name = pauloloid | Source = ipnathlp | ID = 30013
Description =
Error - 27.02.2013 12:18:36 | Computer Name = pauloloid | Source = ipnathlp | ID = 30013
Description =
Error - 28.02.2013 09:08:16 | Computer Name = pauloloid | Source = ipnathlp | ID = 30013
Description =
Error - 28.02.2013 13:16:38 | Computer Name = pauloloid | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 28.02.2013 19:10:35 | Computer Name = pauloloid | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?02.?2013 um 23:50:32 unerwartet heruntergefahren.
Error - 02.03.2013 08:47:25 | Computer Name = pauloloid | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst TouchServicePen erreicht.
Error - 02.03.2013 08:47:25 | Computer Name = pauloloid | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 03.03.2013 03:02:14 | Computer Name = pauloloid | Source = ipnathlp | ID = 30013
Description =
Error - 04.03.2013 09:04:04 | Computer Name = pauloloid | Source = ipnathlp | ID = 30013
Description =
< End of report >
bei tdskiller: Code:
ATTFilter 18:38:04.0870 4940 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:38:05.0091 4940 ============================================================
18:38:05.0091 4940 Current date / time: 2013/03/04 18:38:05.0091
18:38:05.0091 4940 SystemInfo:
18:38:05.0091 4940
18:38:05.0091 4940 OS Version: 6.1.7601 ServicePack: 1.0
18:38:05.0091 4940 Product type: Workstation
18:38:05.0091 4940 ComputerName: PAULOLOID
18:38:05.0091 4940 UserName: paul
18:38:05.0091 4940 Windows directory: C:\Windows
18:38:05.0091 4940 System windows directory: C:\Windows
18:38:05.0091 4940 Running under WOW64
18:38:05.0091 4940 Processor architecture: Intel x64
18:38:05.0091 4940 Number of processors: 2
18:38:05.0091 4940 Page size: 0x1000
18:38:05.0091 4940 Boot type: Normal boot
18:38:05.0091 4940 ============================================================
18:38:08.0735 4940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:38:09.0726 4940 ============================================================
18:38:09.0726 4940 \Device\Harddisk0\DR0:
18:38:09.0726 4940 MBR partitions:
18:38:09.0726 4940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:38:09.0726 4940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6A74000
18:38:09.0726 4940 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6AA6800, BlocksNum 0x1C853000
18:38:09.0753 4940 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x232FA000, BlocksNum 0x2134000
18:38:09.0753 4940 ============================================================
18:38:09.0804 4940 C: <-> \Device\Harddisk0\DR0\Partition2
18:38:09.0858 4940 D: <-> \Device\Harddisk0\DR0\Partition3
18:38:09.0903 4940 S: <-> \Device\Harddisk0\DR0\Partition4
18:38:09.0903 4940 ============================================================
18:38:09.0904 4940 Initialize success
18:38:09.0904 4940 ============================================================
18:39:39.0587 4896 ============================================================
18:39:39.0587 4896 Scan started
18:39:39.0588 4896 Mode: Manual; SigCheck; TDLFS;
18:39:39.0588 4896 ============================================================
18:39:40.0636 4896 ================ Scan system memory ========================
18:39:40.0636 4896 System memory - ok
18:39:40.0637 4896 ================ Scan services =============================
18:40:34.0402 4896 [Global] - ok
18:40:34.0402 4896 ================ Scan MBR ==================================
18:40:34.0411 4896 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:40:34.0739 4896 \Device\Harddisk0\DR0 - ok
18:40:34.0740 4896 ================ Scan VBR ==================================
18:40:34.0745 4896 [ A3CDD71AB15304B16347002E8C4AEED5 ] \Device\Harddisk0\DR0\Partition1
18:40:34.0748 4896 \Device\Harddisk0\DR0\Partition1 - ok
18:40:34.0776 4896 [ C6C9BBEFEF1E0B8DF496754CB286C72B ] \Device\Harddisk0\DR0\Partition2
18:40:34.0778 4896 \Device\Harddisk0\DR0\Partition2 - ok
18:40:34.0797 4896 [ D632915EB541E4BF8E3B016B77D50D1E ] \Device\Harddisk0\DR0\Partition3
18:40:34.0798 4896 \Device\Harddisk0\DR0\Partition3 - ok
18:40:34.0821 4896 [ E2A93508DF44C1BFFFEFB96E35E4AD98 ] \Device\Harddisk0\DR0\Partition4
18:40:34.0823 4896 \Device\Harddisk0\DR0\Partition4 - ok
18:40:34.0823 4896 ============================================================
18:40:34.0823 4896 Scan finished
18:40:34.0823 4896 ============================================================
18:40:34.0841 2660 Detected object count: 3
18:40:34.0841 2660 Actual detected object count: 3
18:41:08.0570 2660 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:08.0571 2660 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:08.0571 2660 Connectify ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:08.0571 2660 Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:08.0574 2660 RTSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:08.0575 2660 RTSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.03.2013, 23:07
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win32/Small.CA-Virus Hallo und
__________________ Zitat:
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender? Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
| Themen zu Win32/Small.CA-Virus |
| 7-zip, adobe, application/pdf:, bho, converter, dvdvideosoft ltd., error, explorer, firefox, flash player, format, google, install.exe, jdownloader, logfile, mozilla, msvcrt, nvidia, object, pandora.tv, photoshop, plug-in, realtek, recuva, registry, required, rundll, scan, schutz, server, sigcheck, software, svchost.exe, tablet, udp, virtualbox, visual studio, windows, winlogon.exe |
Linear-Darstellung
