Hallo zusammen,

ich hab ne frage wie man den zimuse virus.a am besten entfernen kann? (außer bitdefender tool)

MfG duddl

Hallo,

warum im Diskussionsbereich? Wenn du deinen Rechner bereinigen willst, bist du hier falsch.

ok sorry das wusste ich nicht

Ich verschieb mal.

ok aber wohin?

MfG duddl

Ich hab es doch schon verschoben


Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

nein es war so:
als ich diese exe datei ausführte meldete mir bitdefender is 2013: "auf ihrem computer wurde ein virus gefunden worm.zimuse.a bitdefender konnte das objekt nicht bereinigen"

nun führte ich einen scan mit bitdefender aus und es wurden keine bedrohungen gefunden

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in CODE-Tags in den Thread.

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 12.04.2013 14:39:11 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Info\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,61 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 37,27% Memory free
5,21 Gb Paging File | 3,15 Gb Available in Paging File | 60,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 492,52 Gb Free Space | 82,63% Space Free | Partition Type: NTFS
 
Computer Name: ALEXANDER-HP630 | User Name: Info | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Info\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Info\Downloads\2srp292x.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
PRC - C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
PRC - C:\Programme\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Info\Downloads\2srp292x.exe ()
MOD - C:\Programme\Bitdefender\Bitdefender 2013\txmlutil.dll ()
MOD - C:\Programme\Bitdefender\Bitdefender 2013\bdmetrics.dll ()
MOD - C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HitmanPro37Crusader) -- C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (BdDesktopParental) -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (ICCS) -- C:\Programme\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MEMSWEEP2) -- C:\Windows\system32\AAD6.tmp File not found
DRV - (kglyauow) -- C:\Users\Info\AppData\Local\Temp\kglyauow.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (gfiark) -- C:\Windows\System32\drivers\gfiark.sys (GFI Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (iaStorA) -- C:\Windows\System32\drivers\iaStorA.sys (Intel Corporation)
DRV - (iaStorF) -- C:\Windows\System32\drivers\iaStorF.sys (Intel Corporation)
DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (bdselfpr) -- C:\Programme\Bitdefender\Bitdefender 2013\bdselfpr.sys (BitDefender LLC)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (SmbDrvI) -- C:\Windows\System32\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (SmbDrv) -- C:\Windows\System32\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL2832U_IRHID) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (GeneStor) -- C:\Windows\System32\drivers\GeneStor.sys (GenesysLogic)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ebinfiltr) -- C:\Windows\System32\drivers\ebinfiltr.sys (SR Research Ltd.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{442F2447-0259-4E83-A694-BB132990BBA8}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=724&r=2013/02/15&hid=4095452143&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{B40F2A28-1A34-4C68-85BF-A86C79D3B79D}: "URL" = ${SEARCH_URL}{searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes\{1C6847EC-FF67-4485-B29A-9BA0E2DA4FBB}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes\{372DD3D5-C31C-42F8-87A4-C8D9456A33A6}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes\{A78BAF76-ABE3-496C-8C37-49C8C1A2554F}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\SearchScopes\{B9E1D440-AE58-4DAD-A528-B020DFF8D0E5}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Info\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Info\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.18 17:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.16 22:58:23 | 000,000,000 | ---D | M]
 
[2012.12.29 14:41:45 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012.12.29 14:41:45 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.03.07 22:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.16 22:58:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.18 15:54:52 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Info\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WEB.DE MailCheck = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.0.1_0\
CHR - Extension: Google Mail-Checker = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Privacy Palette (Adblock + Security) = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone\0.2_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Google Mail = C:\Users\Info\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.13 15:46:23 | 000,444,957 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15308 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E70BA11-C8F2-4E5A-AE19-2A1638EC9218}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 19:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.11 16:06:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.11 16:06:41 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.11 16:06:41 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.11 16:06:40 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.11 16:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.04.11 16:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.10 20:29:00 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.10 15:38:43 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 15:38:41 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 15:38:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 15:38:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 15:38:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 15:38:38 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 15:38:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 15:38:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 15:38:38 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 15:38:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 15:28:18 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 15:28:12 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 15:28:12 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 15:28:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 15:28:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 15:28:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.07 12:30:32 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013.04.07 12:30:32 | 000,000,000 | ---D | C] -- \Stinger_Quarantine
[2013.04.07 12:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013.04.04 16:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.04.04 09:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.04.04 09:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.04.03 21:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.03 21:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.03 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.03 18:13:00 | 000,000,000 | ---D | C] -- C:\Users\Info\Documents\firewalltest
[2013.04.03 18:10:56 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013.03.29 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Info\Documents\USB-Stick
[2013.03.27 22:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.03.27 22:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013.03.26 10:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.03.26 09:56:53 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.26 09:56:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.26 09:56:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.26 09:56:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.26 09:56:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.26 09:56:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.26 09:56:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.26 09:56:48 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.26 09:56:48 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.26 09:56:48 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.26 09:56:48 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.26 09:56:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.26 09:56:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.26 09:56:48 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.26 09:56:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.26 09:56:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.26 09:56:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.26 09:56:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.26 09:56:43 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.26 09:56:41 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.26 09:56:41 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.26 09:56:41 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.26 09:56:41 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.26 09:56:41 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.26 09:56:41 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.26 09:56:40 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.25 13:56:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.25 13:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.03.24 23:31:55 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013.03.24 23:31:55 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013.03.24 23:31:55 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013.03.24 23:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013.03.24 23:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013.03.24 23:13:15 | 000,000,000 | ---D | C] -- C:\Users\Info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.03.24 23:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.03.24 23:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013.03.24 22:59:48 | 000,000,000 | ---D | C] -- C:\Users\Info\AppData\Local\Thunderbird
[2013.03.23 22:22:22 | 000,000,000 | ---D | C] -- C:\Users\Info\AppData\Local\F-Secure
[2013.03.23 20:58:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.23 20:58:34 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013.03.20 19:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.03.20 18:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2013.03.20 18:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013.03.19 18:26:46 | 000,000,000 | ---D | C] -- C:\Users\Info\Documents\EasyBox Key Decrypter Logfile
[2013.03.19 18:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\EasyBox Key Decrypter
[2013.03.18 18:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2013.03.18 17:57:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\System Shared
[2013.03.18 17:57:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Device
[2013.03.17 17:49:43 | 000,000,000 | -H-D | C] -- C:\Users\Info\Documents\Freemake_do_not_remove_this_folder634991357833544107
[2013.03.17 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Info\Documents\Freemake
[2013.03.14 22:49:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.03.13 21:47:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.13 21:47:08 | 000,000,000 | ---D | C] -- \_OTL
[2013.03.13 17:20:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.13 17:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.03.13 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 14:10:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 14:09:53 | 000,009,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 14:09:53 | 000,009,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 07:08:33 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.12 07:06:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 07:06:51 | 2099,662,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 07:04:52 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.12 07:04:52 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.12 07:04:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.11 19:32:40 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.11 16:19:27 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.04.10 20:29:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.10 20:29:00 | 000,000,194 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2013.04.10 19:10:17 | 344,316,018 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.10 19:09:08 | 000,000,382 | ---- | M] () -- C:\Windows\System32\.crusader
[2013.04.10 18:37:19 | 000,320,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 20:40:45 | 000,009,472 | ---- | M] () -- C:\Users\Info\Documents\1365525796_1_01.xml
[2013.04.08 15:39:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013.04.08 14:01:38 | 000,663,052 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.08 14:01:38 | 000,624,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.08 14:01:38 | 000,134,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.08 14:01:38 | 000,110,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.03 21:49:20 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.03 18:10:56 | 000,162,976 | ---- | M] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013.04.01 14:32:22 | 000,002,372 | ---- | M] () -- C:\Users\Info\Desktop\Google Chrome.lnk
[2013.03.26 10:20:55 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.26 10:20:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.26 09:56:53 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.26 09:56:53 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.26 09:56:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.26 09:56:49 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.26 09:56:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.26 09:56:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.26 09:56:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.26 09:56:48 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.26 09:56:48 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.26 09:56:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.26 09:56:48 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.26 09:56:48 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.26 09:56:48 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.26 09:56:48 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.26 09:56:48 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.26 09:56:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.26 09:56:44 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.26 09:56:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.26 09:56:43 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.26 09:56:43 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.26 09:56:41 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.26 09:56:41 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.26 09:56:41 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.26 09:56:41 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.26 09:56:41 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.26 09:56:41 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.26 09:56:40 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.25 13:57:59 | 000,000,020 | ---- | M] () -- C:\Windows\0õí
[2013.03.24 22:59:39 | 002,168,108 | ---- | M] () -- C:\Users\Info\Documents\userguide.pdf
[2013.03.23 21:50:00 | 000,048,612 | ---- | M] () -- C:\Windows\System32\ExampleCodeGeneratedCS.skm
[2013.03.23 21:50:00 | 000,045,705 | ---- | M] () -- C:\Windows\System32\ExampleCodeGeneratedVB.skm
[2013.03.20 18:37:05 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.03.18 18:25:11 | 000,019,444 | ---- | M] () -- C:\Windows\prodsett_copy.ini
[2013.03.18 18:07:34 | 000,000,025 | ---- | M] () -- C:\NET.INI
[2013.03.18 18:07:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\excltmp~.dat
[2013.03.13 15:46:23 | 000,444,957 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2013.04.12 14:29:44 | 000,009,472 | ---- | C] () -- C:\Users\Info\Documents\1365525796_1_01.xml
[2013.04.11 16:06:58 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.10 20:29:00 | 000,000,194 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2013.04.08 15:39:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013.04.03 21:49:20 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.03.27 22:23:46 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.03.26 09:56:41 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.25 13:57:58 | 000,000,020 | ---- | C] () -- C:\Windows\0õí
[2013.03.24 22:59:38 | 002,168,108 | ---- | C] () -- C:\Users\Info\Documents\userguide.pdf
[2013.03.20 18:37:01 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2013.03.18 18:25:12 | 000,019,444 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013.03.18 17:58:01 | 000,000,124 | ---- | C] () -- C:\Windows\System32\ctlsw.ini
[2013.03.18 17:57:51 | 000,000,041 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2013.03.18 17:57:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2013.03.18 17:57:47 | 000,000,025 | ---- | C] () -- C:\NET.INI
[2013.03.18 17:57:47 | 000,000,025 | ---- | C] () -- \NET.INI
[2013.03.16 21:01:26 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013.03.13 17:01:09 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.03.10 13:56:27 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013.03.10 13:56:26 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013.03.10 13:56:25 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013.03.05 17:44:13 | 000,320,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.05 08:01:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 08:01:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 08:01:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 08:01:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 08:01:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.28 19:08:06 | 000,000,308 | -H-- | C] () -- \bdr-cf01
[2013.02.28 19:07:07 | 035,184,777 | -H-- | C] () -- \bdr-im01.gz
[2013.02.28 19:07:07 | 002,294,848 | -H-- | C] () -- \bdr-bz01
[2013.02.28 19:07:07 | 000,253,404 | -H-- | C] () -- \bdr-ld01
[2013.02.28 19:07:07 | 000,009,216 | -H-- | C] () -- \bdr-ld01.mbr
[2013.02.25 18:27:41 | 000,139,264 | ---- | C] () -- C:\Windows\System32\ustor.dll
[2013.02.25 18:27:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\UMonit.exe
[2013.02.25 18:27:31 | 000,172,097 | ---- | C] () -- C:\Windows\System32\NoMSGuninstall.exe
[2013.02.25 18:27:31 | 000,000,840 | ---- | C] () -- C:\Windows\System32\ProductName.ini
[2013.02.25 18:27:29 | 000,000,187 | ---- | C] () -- C:\Windows\System32\IconCfg0.ini
[2013.02.24 20:16:39 | 000,394,185 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013.02.24 14:28:41 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2013.02.24 14:28:41 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2013.02.24 14:28:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.02.19 15:37:40 | 000,001,996 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.02.02 20:42:23 | 000,001,656 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2013.01.14 16:49:03 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2013.01.13 13:56:09 | 000,007,606 | ---- | C] () -- C:\Users\Info\AppData\Local\resmon.resmoncfg
[2013.01.01 15:37:00 | 005,746,780 | ---- | C] ( ) -- C:\Windows\System32\RTKISDBT.dll
[2012.12.29 20:05:53 | 000,000,929 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.18 15:54:52 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2012.12.18 15:54:52 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2012.10.22 18:40:04 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012.10.22 18:39:46 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012.10.22 18:39:44 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.10.03 18:15:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.10.03 18:14:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.29 11:40:45 | 000,000,557 | ---- | C] () -- \NetworkCfg.xml
[2012.09.27 12:25:26 | 2099,662,848 | -HS- | C] () -- \hiberfil.sys
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.04.20 14:57:00 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
[2012.01.10 15:17:06 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.09.15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.06.26 19:49:12 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.06.26 19:49:08 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.27 19:40:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\1&1 Mail & Media GmbH
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2013.02.16 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\bdch
[2013.01.31 17:34:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\BDLogging
[2013.02.28 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Bitdefender
[2013.03.27 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Canneverbe Limited
[2013.02.12 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\clp
[2012.12.18 17:34:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Common Files
[2013.02.12 16:13:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\Common Toolkit Suite
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2013.03.18 18:07:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Device
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2013.01.31 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\Dumps
[2013.01.21 20:23:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2013.03.24 20:04:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\f-secure
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2012.12.28 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Freemake
[2013.01.13 12:01:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\fssg
[2013.03.12 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2013.02.23 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Innovative Solutions
[2012.10.20 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\MakeMusic
[2012.12.28 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC Drivers HeadQuarters
[2013.03.10 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\Qualcomm Atheros
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2013.02.27 22:21:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Synaptics
[2012.12.18 18:54:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2013.03.10 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\TomTom
[2012.12.18 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\TuneUp Software
[2013.02.27 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\UUdb
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2013.02.15 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\Wincert
[2013.02.26 17:51:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2013.02.26 17:51:50 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2013.02.05 15:22:06 | 000,000,000 | -HSD | M] -- C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.26 17:23:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2013.03.23 20:58:43 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2012.09.27 12:32:36 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2013.03.25 14:37:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2012.09.27 12:32:36 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Anwendungsdaten
[2013.03.16 21:02:17 | 000,000,000 | -H-D | M] -- C:\Users\Gast\AppData
[2013.03.16 21:02:46 | 000,000,000 | R--D | M] -- C:\Users\Gast\Contacts
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Cookies
[2013.04.05 10:45:56 | 000,000,000 | R--D | M] -- C:\Users\Gast\Desktop
[2013.03.16 21:02:47 | 000,000,000 | R--D | M] -- C:\Users\Gast\Documents
[2013.03.16 21:02:47 | 000,000,000 | R--D | M] -- C:\Users\Gast\Downloads
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Druckumgebung
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Eigene Dateien
[2013.03.16 21:02:46 | 000,000,000 | R--D | M] -- C:\Users\Gast\Favorites
[2013.03.16 21:02:47 | 000,000,000 | R--D | M] -- C:\Users\Gast\Links
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Lokale Einstellungen
[2013.03.16 21:02:46 | 000,000,000 | R--D | M] -- C:\Users\Gast\Music
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Netzwerkumgebung
[2013.03.16 21:02:46 | 000,000,000 | R--D | M] -- C:\Users\Gast\Pictures
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Recent
[2013.03.16 21:02:47 | 000,000,000 | R--D | M] -- C:\Users\Gast\Saved Games
[2013.03.16 21:02:47 | 000,000,000 | R--D | M] -- C:\Users\Gast\Searches
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\SendTo
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Startmenü
[2013.03.16 21:02:46 | 000,000,000 | R--D | M] -- C:\Users\Gast\Videos
[2013.03.16 21:02:10 | 000,000,000 | -HSD | M] -- C:\Users\Gast\Vorlagen
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Anwendungsdaten
[2013.02.16 18:09:07 | 000,000,000 | -H-D | M] -- C:\Users\Info\AppData
[2012.10.03 18:47:55 | 000,000,000 | R--D | M] -- C:\Users\Info\Contacts
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Cookies
[2013.04.07 12:35:41 | 000,000,000 | R--D | M] -- C:\Users\Info\Desktop
[2013.04.12 14:29:44 | 000,000,000 | R--D | M] -- C:\Users\Info\Documents
[2013.04.12 14:37:34 | 000,000,000 | R--D | M] -- C:\Users\Info\Downloads
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Druckumgebung
[2012.09.27 12:34:15 | 000,000,000 | -HSD | M] -- C:\Users\Info\Eigene Dateien
[2013.03.25 11:00:28 | 000,000,000 | R--D | M] -- C:\Users\Info\Favorites
[2012.09.29 09:38:24 | 000,000,000 | -H-D | M] -- C:\Users\Info\InstallAnywhere
[2013.03.04 17:21:39 | 000,000,000 | R--D | M] -- C:\Users\Info\Links
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Lokale Einstellungen
[2013.03.25 11:00:28 | 000,000,000 | R--D | M] -- C:\Users\Info\Music
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Netzwerkumgebung
[2013.02.03 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\Info\Pavark
[2013.04.08 14:18:30 | 000,000,000 | R--D | M] -- C:\Users\Info\Pictures
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Recent
[2012.10.03 18:47:55 | 000,000,000 | R--D | M] -- C:\Users\Info\Saved Games
[2013.02.05 17:05:22 | 000,000,000 | R--D | M] -- C:\Users\Info\Searches
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\SendTo
[2013.03.25 13:52:57 | 000,000,000 | R--D | M] -- C:\Users\Info\SkyDrive
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Startmenü
[2013.03.25 14:16:21 | 000,000,000 | ---D | M] -- C:\Users\Info\Tracing
[2013.03.25 11:00:28 | 000,000,000 | R--D | M] -- C:\Users\Info\Videos
[2012.09.27 12:34:16 | 000,000,000 | -HSD | M] -- C:\Users\Info\Vorlagen
[2013.03.05 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Malisa\AppData
[2012.11.17 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Malisa\Desktop
[2013.03.05 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013.04.11 19:32:40 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2013.03.07 23:30:34 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2013.03.07 23:30:33 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013.03.07 23:30:34 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2013.03.07 23:30:33 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2013.03.07 23:30:33 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012.10.02 14:02:43 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2013.03.07 23:30:33 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 

< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 12.04.2013 14:39:11 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Info\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,61 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 37,27% Memory free
5,21 Gb Paging File | 3,15 Gb Available in Paging File | 60,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 492,52 Gb Free Space | 82,63% Space Free | Partition Type: NTFS
 
Computer Name: ALEXANDER-HP630 | User Name: Info | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DBE142-27E9-4773-A0CD-B304003A5DF7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{12F58715-4624-4FD1-B010-BDBB1E7B080E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1D2089B8-89D0-4BA7-A5B4-8F155E15D214}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32A2271E-7150-4DA8-8C6D-BEE0170453F2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{37CFFEA8-E16F-43E4-BF1A-F88551A92DE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39748B89-9815-4550-B841-532E2154ACF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3D59763D-1ED3-4C74-BDFA-8A8FCC9FC525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EB7CAEB-87BB-4EA0-B067-ACC73089BC53}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4361BAA7-7834-412A-9E44-1BA065BD74E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4839B456-FDA6-4BEB-8D20-3376989267D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49BABFCE-DC11-4F95-ACBC-9C8BE5EDC36D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4DE142EE-3AC5-4683-A93D-73C964D0A799}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56A0396B-6F40-4055-A5C3-5063299FB17E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66F5B08D-0A57-46B4-AA17-F10C3C22F759}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6EBD336E-E1B8-482B-AE29-B36B21BEAB4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8C8F29E3-63A1-4816-81E5-EE4150655CFB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{90695147-1B32-4BF1-929C-80FA22015799}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A86F6B4F-9E54-4DB3-AA76-A0A683C3E610}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AFC82FD5-38F0-4F3E-9E7D-057741979768}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4066647-0930-4F92-AED6-7BFA6D998905}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D8117D61-1CCA-4EC3-ABAB-AC3CA63E3100}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EAB4A630-A4D2-4BD4-8678-B51E957BE3FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EFE6FD3C-175A-4490-963E-25D99B7C8EA2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F48DB664-08F0-4795-9171-196F48F7B1D2}" = lport=80 | protocol=6 | dir=in | name=www | 
"{F5167275-B910-4332-8B20-73F7A0B8BBCF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FFA4C39C-5201-4494-9C67-A43E86E58075}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D07C9B-2AD0-4369-AB48-298D5D18296B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AF7B335-6CF4-4D3E-8667-438F4A4EADDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1253855C-B82A-4533-A923-299F385CEE73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{15EA55BC-0D82-4443-B1D0-D1D174C8B98A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{31EF75E5-69F3-4986-A494-697A2D4B0B79}" = protocol=17 | dir=in | app=c:\users\info\appdata\roaming\bittorrent\bittorrent.exe | 
"{3367344A-00FA-45DB-846E-477E214F9D96}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{36C659E4-9313-4E22-A9CA-B5B3FE55F6F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47A7770A-CDF0-42BE-B810-BC82EC215190}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4CF43D84-0084-43ED-B110-3D63EDF671BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E9C997D-58B2-4974-9A3B-5B3FBC9FBDDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{55224F95-277E-482D-BC14-B97F8D85E435}" = protocol=6 | dir=in | app=c:\users\info\appdata\roaming\bittorrent\bittorrent.exe | 
"{5E76D313-567F-495F-8B8C-24A65DD02DA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6156A7B9-18E4-4FF5-AF53-F97D16C2D1AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{664CA150-E671-4567-90EC-299E6D3B4035}" = protocol=6 | dir=out | app=system | 
"{791C8FDF-21B4-4874-B18A-F02E0285293E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80C8EE46-FD19-483A-B00E-A9CCE3000760}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8CC52C5F-AA3B-41D7-A1B7-203AA9B2C047}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94D74F6B-79F1-46DB-A69A-A8B39BE3639D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB6B0AAB-C44F-418A-969C-D4712E88839F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACE84729-F7CE-40F2-BBFE-1E21659DB267}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C95F78A8-49C0-44EC-99C4-940067C828E7}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{DAD0094F-D544-4CED-A3C4-ECC5FD4C9F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E72A7411-CB21-440F-B894-74A43100BFD3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E9182B6C-9065-48DF-8991-4E7BE3001FE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{5AE05BC8-C5D2-4583-AED7-24C58FC6768E}C:\users\info\appdata\roaming\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\info\appdata\roaming\bittorrent\bittorrent.exe | 
"TCP Query User{6C914251-2626-430D-84DE-5249E13427AF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{0DF4C5BA-CE9D-4847-A7DD-9D84929383D0}C:\users\info\appdata\roaming\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\info\appdata\roaming\bittorrent\bittorrent.exe | 
"UDP Query User{3669F7DB-5032-4F4F-AA0A-01C4A71BADEC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{152A537F-45E9-4B15-8847-2E3E5BE61859}" = Intel® Trusted Connect Service Client
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2C26B97F-698E-4E04-B398-8203B147859B}_is1" = TOPP Vorlagen-Druckstudio (5156)
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BBBA20E0-D9F3-4C6F-83AC-D66EFC0BFA93}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"6D0D8C013A1992A83A403358172679D9BA46DF3B" = Windows-Treiberpaket - Intel(R) Corporation (IntcDAud) MEDIA  (06/19/2012 6.14.00.3097)
"78687D16D0A71C3BDAA0468F5661543CDF26FD7C" = Windows-Treiberpaket - Intel System  (10/05/2012 9.2.0.1032)
"7E9FE2A1075EF0CBC79E935D39DCE2F811618FE7" = Windows-Treiberpaket - Intel System  (10/05/2012 9.2.0.1032)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"BEBD188D699DEE8649A9B6D18A94D552D9616614" = Windows-Treiberpaket - Intel USB  (10/05/2012 9.2.0.1032)
"Bitdefender" = Bitdefender Internet Security 2013
"BitTorrent" = BitTorrent
"DA98CAF7C61E6CF8439BF7FFDAFE5717CFF73687" = Windows-Treiberpaket - Intel System  (10/05/2012 9.2.0.1032)
"E51DE166B0BD4C4E322EC96FAE547CCC562F90FB" = Windows-Treiberpaket - Synaptics (SmbDrv) System  (07/24/2012 16.2.7.2)
"EasyBox Key Decrypter" = EasyBox Key Decrypter
"Finale NotePad 2012" = Finale NotePad 2012
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.0
"HitmanPro37" = HitmanPro 3.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics TouchPad Driver
"TuneUp Utilities 2013" = TuneUp Utilities 2013
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3437191235-2556486254-1160177188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1&1 Mail & Media WEB.DE MailCheck GC" = WEB.DE MailCheck für Google Chrome
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.04.2013 05:03:23 | Computer Name = Alexander-HP630 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5bda75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73a92505
ID
 des fehlerhaften Prozesses: 0x12e4  Startzeit der fehlerhaften Anwendung: 0x01ce336e17161386
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: netprofm.dll  Berichtskennung: ffd106c1-9f61-11e2-8720-e4115bf9b2f0
 
Error - 07.04.2013 11:07:31 | Computer Name = Alexander-HP630 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OneClick.exe, Version: 13.0.3020.2,
 Zeitstempel: 0x510679e6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052c39  ID des fehlerhaften
 Prozesses: 0x3c50  Startzeit der fehlerhaften Anwendung: 0x01ce338ce11b6e49  Pfad der
 fehlerhaften Anwendung: C:\Program Files\TuneUp Utilities 2013\OneClick.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ddd8197d-9f94-11e2-8720-e4115bf9b2f0
 
Error - 07.04.2013 11:46:05 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 07.04.2013 13:00:58 | Computer Name = Alexander-HP630 | Source = Windows Backup | ID = 4104
Description = 
 
Error - 08.04.2013 07:58:55 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 08.04.2013 08:48:10 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 08.04.2013 08:53:59 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 08.04.2013 09:24:07 | Computer Name = Alexander-HP630 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DriverTuner\DPInst64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.04.2013 12:42:27 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 10.04.2013 13:10:56 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 10.04.2013 14:18:38 | Computer Name = Alexander-HP630 | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
[ Media Center Events ]
Error - 03.12.2012 14:10:35 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 19:10:35 - Fehler beim Herstellen der Internetverbindung.  19:10:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.12.2012 14:10:44 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 19:10:40 - Fehler beim Herstellen der Internetverbindung.  19:10:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2012 09:37:39 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 14:37:39 - Fehler beim Herstellen der Internetverbindung.  14:37:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2012 09:37:47 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 14:37:44 - Fehler beim Herstellen der Internetverbindung.  14:37:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.12.2012 12:09:49 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 17:09:49 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 06.12.2012 11:54:39 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 16:54:39 - Fehler beim Herstellen der Internetverbindung.  16:54:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2012 11:54:48 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 16:54:44 - Fehler beim Herstellen der Internetverbindung.  16:54:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2012 10:40:37 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 15:40:37 - Fehler beim Herstellen der Internetverbindung.  15:40:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2012 10:40:47 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 15:40:43 - Fehler beim Herstellen der Internetverbindung.  15:40:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.12.2012 15:52:47 | Computer Name = Alexander-PC | Source = MCUpdate | ID = 0
Description = 20:52:47 - Fehler beim Herstellen der Internetverbindung.  20:52:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 21.02.2013 11:04:26 | Computer Name = Alexander-HP630 | Source = Service Control Manager | ID = 7034
Description = Dienst "Yontoo Desktop Updater" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 21.02.2013 11:09:06 | Computer Name = Alexander-HP630 | Source = DCOM | ID = 10010
Description = 
 
Error - 22.02.2013 01:57:32 | Computer Name = Alexander-HP630 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 22.02.2013 01:58:29 | Computer Name = Alexander-HP630 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 22.02.2013 09:11:44 | Computer Name = Alexander-HP630 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 22.02.2013 14:55:16 | Computer Name = Alexander-HP630 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 22.02.2013 14:55:34 | Computer Name = Alexander-HP630 | Source = DCOM | ID = 10010
Description = 
 
Error - 22.02.2013 14:56:04 | Computer Name = Alexander-HP630 | Source = DCOM | ID = 10010
Description = 
 
Error - 23.02.2013 03:14:57 | Computer Name = Alexander-HP630 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 23.02.2013 06:31:50 | Computer Name = Alexander-HP630 | Source = Service Control Manager | ID = 7034
Description = Dienst "Yontoo Desktop Updater" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
 
< End of report >
         

Zitat:

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Ultimate Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

ne als ich das notebook gekauft hab, war ne testversion drauf und danach hab ich mir von computermensch ein betreibssystem draufmachen lassen warum er ultimate nahm weiß ich auch nicht

Mit anderen Worten: er hat dir schon die Basis versaut wenn das Betriebssystem aus einer Crackquelle kommt?

Versteh das nicht falsch, ich will dir nichts unterstellen, aber jede Bereinigung kann nur schiefgehen wenn die Basis ein gecracktes Windows ist. Deswegen mach ich auch erstmal nicht weiter.

Klär das bitte.

ich weiß nicht ob es gecrackt ist. hat er mir nicht gesagt.

Nagut, machen wir mal weiter. Vllt hat er sich ja auch einfach seine echte (orignale) Windows-DVD genommen und dir mit seinem gekauften Schlüssel das installiert, ist zwar nicht erlaubt aber technisch sollte das funktionieren. Weißt du denn ob er Windows bei dir aktivieren musste und wenn ja wie? Telefonisch?


Weiter gehts:

Rootkitscan mit GMER

Bitte lade dir GMER herunter: (Dateiname zufällig)

• Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
• Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:

  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?
  

  Unbedingt auf "No" klicken.
• Entferne rechts den Haken bei: IAT/EAT und Show All
• Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
• Starte den Scan mit "Scan".
• Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

• Probiere alternativ den abgesicherten Modus.
• Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

ich hatte als testversion windows 7 enterprise drauf und er hat dann ultimate drauf gemacht. wieso weiß ich nicht.

gmer scan "finished successfully"

und mbar fand auch nichts:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Info :: ALEXANDER-HP630 [administrator]

13.04.2013 13:45:50
mbar-log-2013-04-13 (13-45-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28100
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)