| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen nach Anschließen vom Handy gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.04.2013, 21:38
| #1 |
| |  TR/Crypt.ZPACK.Gen nach Anschließen vom Handy gefunden Hallo zusammen, ich hoffe, ich bin hier im richtigen Unterforum. Also ich habe folgendes Problem: Ich habe eben ein altes Handy von einer Freundin an meinen Rechner angeschlossen. Daraufhin bekam ich zuerst von antivir die Nachricht, dass ein Autorun blockiert wurde. Als ich das Handy dann als Laufwerk im Explorer geöffnet habe (H  , hat antivir gemeldet den Trojaner TR/Crypt.ZPACK.Gen gefunden zu haben und ihn in Quarantäne gepackt. Hier ist das entsprechende Log:Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 23. April 2013 19:35
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ****-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:29:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 02.04.2013 18:03:24
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.902 67808 Bytes 02.04.2013 18:03:30
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 16:53:52
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 16:53:52
avlode.dll : 13.6.2.940 434912 Bytes 02.04.2013 18:03:24
avlode.rdf : 13.0.0.46 15591 Bytes 02.04.2013 18:03:33
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:08:47
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 20:08:48
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 20:08:48
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 20:08:48
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 20:08:48
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 20:08:48
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 20:08:49
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 20:08:49
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 20:08:49
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 20:08:49
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 20:08:49
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 20:08:49
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 20:08:49
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 20:08:50
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 15:55:38
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 15:55:45
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 17:21:17
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 17:21:17
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 17:21:18
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 18:49:25
VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 18:02:04
VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 18:02:04
VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 19:08:40
VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 19:40:19
VBASE024.VDF : 7.11.73.133 164864 Bytes 19.04.2013 19:22:19
VBASE025.VDF : 7.11.73.134 2048 Bytes 19.04.2013 19:22:19
VBASE026.VDF : 7.11.73.135 2048 Bytes 19.04.2013 19:22:19
VBASE027.VDF : 7.11.73.136 2048 Bytes 19.04.2013 19:22:19
VBASE028.VDF : 7.11.73.137 2048 Bytes 19.04.2013 19:22:19
VBASE029.VDF : 7.11.73.138 2048 Bytes 19.04.2013 19:22:19
VBASE030.VDF : 7.11.73.139 2048 Bytes 19.04.2013 19:22:19
VBASE031.VDF : 7.11.73.192 153088 Bytes 21.04.2013 17:11:36
Engineversion : 8.2.12.30
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 17:21:20
AESCN.DLL : 8.1.10.4 131446 Bytes 02.04.2013 18:03:22
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 23:39:20
AEPACK.DLL : 8.3.2.6 827767 Bytes 02.04.2013 18:03:22
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 16:11:34
AEHEUR.DLL : 8.1.4.302 5890425 Bytes 18.04.2013 19:40:22
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.7.2 442741 Bytes 02.04.2013 18:03:20
AEEXP.DLL : 8.4.0.22 196982 Bytes 18.04.2013 19:40:22
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 19:00:08
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 16.02.2013 20:06:28
AVPREF.DLL : 13.6.0.480 51056 Bytes 16.02.2013 20:06:38
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 18:25:51
AVARKT.DLL : 13.6.0.902 260832 Bytes 02.04.2013 18:03:22
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 02.04.2013 18:03:23
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 16.02.2013 20:06:38
NETNT.DLL : 13.6.0.480 16240 Bytes 16.02.2013 20:06:45
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.976 69344 Bytes 02.04.2013 18:03:18
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5176c5f8\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Dienstag, 23. April 2013 19:35
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'a2service.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingDesktopUpdater.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiioService.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiioService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'PureSyncTray.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrobat_sl.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'UltraMon.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'UltraMonTaskbar.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '221' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiApSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTSHookInterop.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_169.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_169.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'jbUpdater.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'UltraMonUiAcc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'H:\Install.exe'
H:\Install.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53ac5892.qua' verschoben!
Ende des Suchlaufs: Dienstag, 23. April 2013 19:35
Benötigte Zeit: 00:05 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1073 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1072 Dateien ohne Befall
5 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Ich hab schon wie hier empfohlen OTL und GMER laufen lassen. Dabei habe ich von GMER die Meldungen bekommen: "C:\Windows\system32\config\system: Der Prozess kann auf die Datei nicht zugreifen, da sie von einem anderen Prozess verwendet wird" und "C:\user\****\ntuser.dat: Der Prozess kann auf die Datei nicht zugreifen, da sie von einem anderen Prozess verwendet wird" Hier kommen die Logs: OTL: Code:
ATTFilter OTL logfile created on: 23.04.2013 21:37:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 77,09% Memory free 15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,57 Gb Total Space | 57,44 Gb Free Space | 51,49% Space Free | Partition Type: NTFS Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 931,51 Gb Total Space | 761,46 Gb Free Space | 81,74% Space Free | Partition Type: NTFS Drive F: | 1363,01 Gb Total Space | 325,14 Gb Free Space | 23,85% Space Free | Partition Type: NTFS Drive G: | 500,00 Gb Total Space | 332,64 Gb Free Space | 66,53% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.23 21:36:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2013.04.23 19:59:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2013.04.10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe PRC - [2013.04.09 23:06:58 | 000,903,712 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\PureSync\PureSyncTray.exe PRC - [2013.04.02 20:03:30 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.02 20:03:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.02 20:03:23 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.17 19:29:53 | 000,684,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.08.24 17:45:00 | 000,084,360 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2012.07.17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.06.25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.05.22 12:43:18 | 000,149,584 | ---- | M] (Jumping Bytes) -- C:\Program Files (x86)\Common Files\Jumping Bytes\jbUpdater.exe PRC - [2012.05.20 18:26:26 | 000,291,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2013.02.18 23:27:00 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.02.16 22:39:49 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll MOD - [2013.01.12 16:46:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll MOD - [2013.01.12 16:45:49 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.12 16:00:36 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.12 16:00:28 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.12 16:00:24 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.12 16:00:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.12 16:00:21 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.12 16:00:20 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.12 16:00:20 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.12 16:00:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.12 16:00:16 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.10.17 19:30:22 | 000,062,968 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.08.03 07:27:50 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.23 19:59:54 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.12 21:02:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.12 20:48:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2013.04.02 20:03:30 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.02 20:03:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.12 15:29:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.19 18:04:06 | 000,348,160 | ---- | M] () [Auto | Running] -- C:\Programme\Serviio\bin\ServiioService.exe -- (Serviio) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.10.10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- E:\Programme (x86, HDD)\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2012.07.17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.06.25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.02 20:03:33 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.02 20:03:33 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.02 20:03:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2013.01.23 20:20:48 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.01.23 20:20:48 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2013.01.11 23:43:10 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.17 19:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.10.17 19:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.10.10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.07 09:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.08.07 09:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.08.03 07:27:44 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2012.07.19 11:14:28 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.07.02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.19 16:40:51 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.05.20 18:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.05.20 18:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.05.20 18:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.04.23 20:00:00 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012.08.24 17:45:54 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- E:\Programme (x86, HDD)\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/search?q=" FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.11.18 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.01.12 15:39:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 19:37:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 19:37:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.11 01:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.04.12 21:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.12 15:39:54 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.04.12 21:02:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 21:54:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 21:54:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 21:54:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 21:54:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 21:54:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 21:54:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [icq] C:\Users\****\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F567656-F6F6-47E2-BD84-CD79F2FBE344}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.30 18:10:55 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:07 | 001,586,176 | R--- | M] () - D:\autorun.dat -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:06 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:01 | 000,000,137 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{1e3107d9-5bb2-11e2-9eb3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e3107d9-5bb2-11e2-9eb3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2008.10.10 16:51:06 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.23 21:36:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.04.18 22:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.16 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Red Alert 3 [2013.04.16 21:31:53 | 000,000,000 | RH-D | C] -- C:\Users\****\AppData\Roaming\SecuROM [2013.04.12 21:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes [2013.04.11 23:04:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 23:04:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 23:04:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 23:04:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.11 23:04:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.11 23:04:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.11 23:04:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.11 23:04:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.11 23:04:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.11 23:04:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.11 23:04:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.11 23:04:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.11 23:04:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 23:04:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 23:04:32 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 19:27:24 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 19:27:23 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 19:27:23 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 19:27:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 19:27:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 19:27:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.03 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\hjsplit3 [2013.04.03 20:23:55 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2013.04.03 20:23:54 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2013.04.03 20:23:53 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2013.04.03 20:23:53 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2013.04.03 20:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2013.04.03 20:21:35 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\eRightSoft [2013.04.03 20:21:26 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll [2013.04.03 20:21:26 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2013.04.03 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc [2013.04.03 19:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.03 19:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.04.02 20:03:42 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 20:03:42 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 20:03:42 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files - Modified Within 30 Days ========== [2013.04.23 21:36:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.04.23 21:34:21 | 000,000,111 | ---- | M] () -- C:\.dir [2013.04.23 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.23 21:00:00 | 000,011,666 | ---- | M] () -- C:\Users\****\Network_Meter_Data.js [2013.04.23 19:40:50 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 19:40:50 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 19:39:38 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.23 19:39:38 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.23 19:39:38 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.23 19:39:38 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.23 19:39:38 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.23 19:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.23 19:33:40 | 2114,625,535 | -HS- | M] () -- C:\hiberfil.sys [2013.04.21 23:03:32 | 000,000,024 | ---- | M] () -- C:\Users\****\AppData\Roaming\Network Meter_Usage.ini [2013.04.20 21:19:17 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini [2013.04.12 20:48:15 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.12 20:48:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.12 20:43:40 | 000,418,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 19:32:27 | 000,001,340 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.02 23:32:09 | 000,000,274 | ---- | M] () -- C:\Windows\Brownie.ini [2013.04.02 23:32:06 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND [2013.04.02 20:03:33 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 20:03:33 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 20:03:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2013.04.20 21:19:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2013.04.03 20:23:54 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.03.23 20:12:17 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2013.03.06 19:05:27 | 000,000,024 | ---- | C] () -- C:\Users\****\AppData\Roaming\Network Meter_Usage.ini [2013.03.06 19:02:51 | 000,011,666 | ---- | C] () -- C:\Users\****\Network_Meter_Data.js [2013.02.20 22:52:55 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.02.20 22:52:55 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.02.04 23:00:00 | 000,003,382 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv [2013.02.03 19:55:31 | 000,000,531 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.13 15:55:37 | 000,000,576 | ---- | C] () -- C:\Users\****\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.01.12 16:19:04 | 000,000,252 | ---- | C] () -- C:\Users\****\AppData\Roaming\GPU MeterV2_Settings.ini [2013.01.12 16:17:44 | 000,001,130 | ---- | C] () -- C:\Users\****\AppData\Roaming\Network Meter_Settings.ini [2013.01.12 16:15:05 | 000,000,839 | ---- | C] () -- C:\Users\****\AppData\Roaming\Drives Meter_Settings.ini [2013.01.12 03:28:40 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2013.01.12 03:28:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2013.01.12 03:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2013.01.12 03:28:22 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.12 03:27:15 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat [2013.01.12 03:26:50 | 000,000,274 | ---- | C] () -- C:\Windows\Brownie.ini [2013.01.11 23:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.11 23:23:06 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.01.11 23:23:06 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.01.11 23:23:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2013.01.11 08:06:57 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.11 08:03:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.01.11 02:04:50 | 000,007,597 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.03 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Buhl Data Service [2013.01.19 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CrypTool [2013.01.19 20:07:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ-Profile [2013.01.19 20:03:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQM [2013.04.12 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Jumping Bytes [2013.01.11 01:53:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2013.01.12 04:27:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Origin [2013.04.16 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Alert 3 [2013.02.20 22:51:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung [2013.01.12 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Swiss Academic Software [2013.01.12 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2013.01.11 23:47:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrueCrypt [2013.02.22 22:22:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubisoft [2013.01.19 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.04.2013 21:37:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 77,09% Memory free
15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,57 Gb Total Space | 57,44 Gb Free Space | 51,49% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 761,46 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive F: | 1363,01 Gb Total Space | 325,14 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive G: | 500,00 Gb Total Space | 332,64 Gb Free Space | 66,53% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FBF198B-F15B-46BA-82FB-92FFA30D6F04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{276528C3-138A-40E8-94E2-D4CE7915232C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2B7C1642-C074-4CD1-BC3C-9AA620B1D11A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{33419E14-F998-4B7D-A469-392C235B423E}" = lport=138 | protocol=17 | dir=in | app=system |
"{36863865-CBBF-4332-B77A-27AEF1FC2D29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41B6DA0D-FBA5-418C-8E44-1E27234799EC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{445B7FDB-640F-4AE2-800B-E1A4B1DD634B}" = lport=137 | protocol=17 | dir=in | app=system |
"{446BA78A-E9EE-439A-A766-869133DB011C}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D90640A-80AD-497A-98B4-375D75B907F8}" = rport=445 | protocol=6 | dir=out | app=system |
"{7DDECE48-4282-439E-9DCE-280A73F2120B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83473D52-B2FF-4320-95F3-68C3D97BE3D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{977C4F7F-7CC7-4C31-945B-E63677D20320}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A22A678-02DB-46C4-AC3D-B4F8ECB710CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{B335EA8E-FA8C-48A2-8A2E-907589A99774}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B72162FF-9286-41FD-97C5-88EFFC22DA08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF139E0B-34AD-4742-9956-152ECB5F35B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC78DAB5-72B3-4C4B-86F5-76110A887BCD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1D0F3DC-3BF8-4D05-95D0-E83DBE06B701}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DAA03A09-9085-4486-869F-353AAE029215}" = lport=139 | protocol=6 | dir=in | app=system |
"{F147F9A6-DB05-4866-B041-253FD9014F20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7137B38-B7D9-4612-B40A-1E15D6AA362F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F787289C-744A-4DBD-AB24-9FA6E8410F94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9C9B2E8-D777-48A9-8F99-D7F4D8A00B3E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC9DF6D5-C58D-4447-9B3D-09547C25D3D8}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C3E11A-6316-42E7-807F-551758A16E75}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{04D1FF61-772E-4067-B24F-129E87C25F2F}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{04FFCD75-C9CB-45F6-86D5-27609860036D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{082722F1-3FEF-4EB4-A02F-D5A7879079A8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1AD950F7-5A18-47DA-8848-697EF43D6C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2873A3CE-4070-4421-8378-36532BB1426E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2BFF4593-7BAD-42EA-9E0F-1BE15EB14982}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\anno4.exe |
"{2FF35E24-0B5F-4765-AF6B-9828431656CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E8715B4-6409-43EC-87AE-473BAE226FE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{44770D65-590E-4D39-8904-36861AFA0A54}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{4514F9C8-6470-4AA1-B9B1-679828C2B67C}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{47EC13A9-1BC1-4C08-9F95-BA7499F98EA2}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{4F56AE84-2B70-4C22-B41C-82588963BF12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5082D0AF-64D0-4D8A-AA05-9A8DC0EF514D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53C17DAA-19C8-4653-843F-33DCA502F61E}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{640A1755-1574-460B-A3C5-87CA296F14DD}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{64DA73EA-7C7F-4A04-9B46-2004768839A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6658D25B-439E-4206-A945-62E1B6CB824C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6781FFEF-E1D6-46AB-BB32-3C9574140594}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{688C79C3-EE41-4738-8F79-00D53476012F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B1902A5-D13E-42AE-99AE-DAFAC4460176}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6CB5BAF3-6670-42BC-AF98-386E13DDA289}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{6CE32060-9E4E-4E31-A8B9-D860750BCD65}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E859C61-B0B4-4AE3-B9D3-05A109A32390}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B9697F4-26EC-47D3-915D-E14F99D1387F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EB8C43A-DB87-4499-8745-D42BFD5BE435}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F708DB7-BF5D-4728-A7C4-7AF37DD407D2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8EE3F319-B3F6-4BD5-996E-F70133653AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9396B61B-D62C-495D-BBEF-119F79E9632A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94998B10-D9BB-4704-9043-7053EB87CED2}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{976284CE-0F90-4217-824C-8E27009D6FEA}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{98FEDE2D-F0A9-41D9-8E86-326B51CE6BF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9BBD810C-D3A8-455C-B4BA-90EF562ED67D}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\anno4.exe |
"{A3E90030-CD33-486A-9425-30D274BA7499}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{A5B7B329-09EB-4F7C-A5AD-4DBE46A62A32}" = protocol=6 | dir=out | app=system |
"{AC04C0C1-2896-4ED8-9CDF-29A7DF54ED56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD0C6E5B-CA95-4F26-9328-5165AAEB0C98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AE19FF22-0515-4DA8-A221-24C5E49B01C5}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{B40C780E-C719-4DE4-9242-46E7CA9992B2}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{BBC786EB-5B51-47E9-B9CD-0201939CAE63}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\steam\steam.exe |
"{BC308061-2372-45E5-863C-C0D68C91F6D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5905A0C-52A8-42FC-9B2A-AB5A5F6DEDD8}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{C8C91754-081F-41B6-AE81-6DF8E5794F25}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{D48CC1C4-19A7-47D8-9EB4-BE444CFE8585}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{EA45FB32-C09C-4A6E-96D2-6161D45934DA}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\steam\steam.exe |
"{EA79C7D6-1507-4B9F-9C3E-F9F53B754927}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EC345C24-3A64-4124-B256-609FA6DA58F0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED2D006F-6140-4C40-A2A4-3612C77DE2EC}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe |
"{EDC5317A-77EF-41AD-9D93-C31608A5AFB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1A454B7-F122-4E02-86E6-41D1293914BE}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe |
"{F7DFE7FC-6BBC-46EB-B105-3387243E36F2}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{FD88834B-FB10-4D37-A968-0904A26EAFB3}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"TCP Query User{8A399D68-A838-47FC-914C-68A55EA1751F}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"TCP Query User{BA3F1E74-04D6-47EF-93F6-7A663AE6FBB7}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"TCP Query User{D221EEC6-C8B6-4EDD-88C7-DC53268CFDD8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{E8B7D228-723F-433E-9642-E150F8553EF4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{246EBC39-CDB0-4A6D-84A0-733143E44C38}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"UDP Query User{612D8C9C-0F3C-449D-87E6-8FE2E740ECB8}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"UDP Query User{944089AF-BE00-492A-8818-9BBDF69C50AA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{DF84F7E9-7F80-494C-9583-C28B0E1E3BC3}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06CB0DD1-71A5-F352-E0A9-FE6016380A8F}" = AMD Drag and Drop Transcoding
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9069EE0A-7615-4D86-AD80-CA263E936DA6}" = UltraMon
"{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Serviio" = Serviio
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish
"{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English
"{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard
"{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.0822.1
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2BD6DD47-D5BA-49B1-A91F-C716CD8EF016}" = Brother HL-2030
"{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean
"{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish
"{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0619.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{8444E466-CE54-4D77-BC84-0007C7B4710B}" = PureSync
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy
"{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.1
"{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All
"{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian
"{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CrypTool" = CrypTool 1.4.30
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"PureSync" = PureSync 3.7.5
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TrueCrypt" = TrueCrypt
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.04.2013 15:24:17 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xd40 Startzeit der fehlerhaften Anwendung: 0x01ce32332895bde0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6832bdfe-9e26-11e2-ac8f-902b34a70c96
Error - 11.04.2013 13:17:00 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.04.2013 14:45:28 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.04.2013 13:09:51 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.04.2013 13:57:43 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.04.2013 15:05:27 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.04.2013 13:14:22 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.04.2013 15:37:07 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2013 15:19:08 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.04.2013 13:08:15 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2013 13:35:33 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 23.04.2013 13:34:21 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
(0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
connection has been canceled during its initiation.
Error - 23.04.2013 13:34:21 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 23.04.2013 13:34:21 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 23.04.2013 13:34:51 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
(0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
a policy check server name: vpn-unidsl.rwth-aachen.de
Error - 23.04.2013 13:34:53 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
(0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
connection has been canceled during its initiation.
Error - 23.04.2013 13:34:53 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 23.04.2013 13:34:53 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
Error - 23.04.2013 13:38:44 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 23.04.2013 13:38:44 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 23.04.2013 13:38:44 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ System Events ]
Error - 21.03.2013 12:50:56 | Computer Name = ****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 21.03.2013 12:50:56 | Computer Name = ****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 21.03.2013 12:50:57 | Computer Name = ****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 02.04.2013 17:31:25 | Computer Name = ****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 02.04.2013 17:31:26 | Computer Name = ****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 02.04.2013 17:31:27 | Computer Name = ****-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden.
Error - 11.04.2013 13:39:30 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 11.04.2013 13:39:30 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.04.2013 14:08:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 23.04.2013 14:08:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-23 22:12:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_Series rev.DXT06B0Q 111,79GB
Running: h4ucxbhr.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgtiruod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 696 fffff800037b9088 7 bytes [04, AD, 69, 02, 0D, AD, 69]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3200] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000076fd000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3200] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007705f85a 5 bytes JMP 000000017700d571
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b21465 2 bytes [B2, 75]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b214bb 2 bytes [B2, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1764:1768] 00000000001bd227
Thread C:\Windows\SysWOW64\ntdll.dll [1764:2456] 000000007291e2db
Thread C:\Windows\SysWOW64\ntdll.dll [1764:2596] 0000000070b58df0
Thread C:\Windows\SysWOW64\ntdll.dll [1764:2600] 0000000070b58df0
Thread C:\Windows\SysWOW64\ntdll.dll [1764:2604] 0000000070b58df0
Thread C:\Windows\SysWOW64\ntdll.dll [1764:2608] 0000000070b54e70
Thread C:\Windows\SysWOW64\ntdll.dll [4068:5576] 0000000000652870
Thread C:\Windows\SysWOW64\ntdll.dll [4068:2760] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:1392] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:2148] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:4292] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:4188] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:6052] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:4960] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:4668] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:4756] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:4980] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:5924] 0000000000406a04
Thread C:\Windows\SysWOW64\ntdll.dll [4068:3468] 0000000000406a04
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu TR/Crypt.ZPACK.Gen nach Anschließen vom Handy gefunden |
| adobe reader xi, antivir, autorun, bho, blockiert, cpu, desktop, dllhost.exe, emsisoft, error, failed, flash player, frage, helper, iexplore.exe, install.exe, logfile, mozilla, ntdll.dll, plug-in, problem, programm, prozesse, registry, rundll, security, senden, svchost.exe, taskhost.exe, trojaner, udp, windows |
Baum-Darstellung