Pests of all kinds and how to fight them: Laptop CPU usage already at 100% at startup (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
28.04.2013, 19:05 | #1 |
Laptop CPU usage already at 100% at startup

Good day, dear people! This is my first time posting here in the forum and I hope I'm in the right place. So, I decided to make my girlfriend's laptop a bit faster, because she keeps complaining about how much everything hangs. Now I've seen that the CPU usage is already at 80-100% at startup. She got the laptop from her stepdad, and what he did with it I don't know^^ I tried checking with Avira whether there are any pests on it, but it finds nothing. I ran CCleaner over it and deleted a few GB, but that didn't help either. Now I've run this ESET, which keeps coming up here in the forum, over it, but it has already been at it for half an hour and I think it needs at least 1 more hour. I would also like to wipe everything and reinstall Windows, but that isn't an option either, since I don't have a CD/DVD for it and, during the last virus attack, it didn't accept the code that is printed on the bottom of the laptop (for whatever reason it wanted it). I hope you understood everything and can help a bit.

Regards, TheDragon
28.04.2013, 20:15 | #2 |
/// TB-Ausbilder | Laptop CPU usage already at 100% at startup

Hi,
then post the result of the ESET scan as soon as it has finished. And in addition: if you want to have your computer checked for malware, please work through this guide and post the corresponding log files.
29.04.2013, 06:08 | #3 |
Laptop CPU usage already at 100% at startup

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03bb8ff539302d4c878a7fa653fddf14
# engine=13715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-28 10:36:44
# local_time=2013-04-29 12:36:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 99 41352 232611894 34064 0
# compatibility_mode=3588 16777213 100 96 55425938 116262939 0 0
# compatibility_mode=5893 16776574 100 85 119627347 119627347 0 0
# scanned=222198
# found=2
# cleaned=0
# scan_time=17627
sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\ProgramData\qijsslxkrbtjtau\main.html"
sh=5A9C0319F37CD9770F67986928109EE8CE1DDCDE ft=0 fh=0000000000000000 vn="HTML/Ransom.B trojan" ac=I fn="C:\Users\All Users\qijsslxkrbtjtau\main.html"
29.04.2013, 12:37 | #4 |
/// TB-Ausbilder | Laptop CPU usage already at 100% at startup

OK, if I am to look over the computer, then please also run and post the Gmer and OTL logs (as described in the guide linked above).
__________________
cheers, Leo
29.04.2013, 17:22 | #5 |
Laptop CPU usage already at 100% at startup

So, here are the log files from OTL for a start^^ hope this is right^^ Code:
ATTFilter OTL Extras logfile created on: 29.04.2013 17:47:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,63% Memory free 5,62 Gb Paging File | 4,59 Gb Available in Paging File | 81,65% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,01 Gb Total Space | 13,87 Gb Free Space | 12,61% Space Free | Partition Type: NTFS Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JULIA | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08654EFC-46D2-4C7E-8516-CBEC8F76F8D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{11DD7A5B-9ECE-4269-A6EC-C84D60C430EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{14CC44CF-1814-4958-8912-8330D4E7512F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{17BB42EB-08EE-461F-8CB1-C00F2B5428D1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{1E692585-2289-4B9D-A7F7-F25A476E36B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{244826D4-2539-48CF-9127-90D678720DC8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{245819C8-95E9-442E-8238-68D8706BE827}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{25201575-ACFF-4E17-B434-B224C01AC8BE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{26CDC7F8-C596-463C-AFF6-BF8C98BB5CE5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27A0B88B-8FBA-464A-98FC-50CE7E9C43C1}" = lport=10243 | protocol=6 | dir=in | app=system | "{2B42F44B-8F4F-43DC-B3F8-B69C70831BD1}" = lport=56146 | protocol=17 | dir=in | name=pando media booster | "{2E3F8C69-A9BC-4729-8E2D-20FFB2B3C810}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2EFAC057-D9A6-42DF-9935-6D882A41B446}" = rport=10243 | protocol=6 | dir=out | app=system | "{3960544B-11D7-4649-A843-C47BB3C4F6EF}" = rport=2869 | protocol=6 | dir=out | app=system | "{3B37398C-220F-4F67-BEE0-45315AA1F304}" = lport=2869 | protocol=6 | dir=in | app=system | "{3C55CB81-366D-4957-8101-111F6795F10E}" = lport=56146 | protocol=6 | dir=in | name=pando media booster | "{4076C664-17BD-4ACE-AC53-48ECDFD8F43E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4919EB46-C9D9-40A7-A404-4BDFC3A98F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6DA6348B-DBCE-459E-A250-8CAC582239B2}" = lport=56146 | protocol=17 | dir=in | name=pando media booster | "{74E4FD2D-924D-479A-A2FE-65104983704A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7BA7B517-2784-4A01-897E-B23ECEB9E489}" = lport=5355 | protocol=17 | 
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8328CD22-6AC2-4224-989B-2955C27ED807}" = lport=2869 | protocol=6 | dir=in | app=system | "{9BF01D92-EA84-4ED0-BD56-E5D7CFDEA257}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BCF982F3-168F-48A7-B8B2-45C2F488E540}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C38A7B74-26F6-4F04-A8F8-DEAB4FF87043}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D29E965B-D55F-42FA-A13B-9EA6BC567CD0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D61CD1CB-79B5-4D5A-A773-B676BE57AEEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D95B8AFD-2716-4081-B017-01BD33740E54}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F042C6D3-CE6B-4BAA-ABBE-FE5F5FB76FF9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F1F842F3-E112-4AC2-B001-406C4E61C270}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FBEDFB4E-1D81-4963-A548-A0D13EECC9C5}" = lport=56146 | protocol=6 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02EB7D70-CB18-45D9-8F7B-2B04F36EEE4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0983506B-E96F-40F7-AEA6-2572DBB6B1BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0AF33586-4A72-4829-9698-4F5CD1561072}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{0B7F9B07-2594-46B0-9FAE-241CBE44CD78}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{0DC9917C-7EE7-4870-818C-AB72F8D67785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10C5A32D-332C-49F5-8696-1772DB219F67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{145147C7-F7D9-4B4E-84A6-FA13686DC8CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D304778-FED4-41AA-8572-648689D167BC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{1FACE77A-7DD6-4E84-A8F9-BA7808A73669}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2940E372-AAF8-4DAC-87C9-71537559387D}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "{29B36FAB-3049-4407-B373-268A7F2B05C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{31FC7D30-CD46-4855-89D5-0F9B5DEE11E1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{3D2AE433-A82E-4798-97F1-4B414569365A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{42C754CE-D0F1-4AB7-8567-E8A35D7E6F6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{46551134-08DA-4F72-9923-2F283A9D7047}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | "{4F5CF4EE-A45F-4F3A-B4BB-6E782BB09FBA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{57997001-ACC7-4DCD-B52F-45A2A6E14A6B}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "{67DF9DDC-34F4-4D54-AE41-656E6908A64F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F2D788A-FA0A-4638-B98C-5EFB3F04C3C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{75D3E1ED-F0DC-47D1-B964-91B8AA57AF4E}" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | 
"{76C783FD-E128-4813-B5E9-F0D4ECE3D44E}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "{803EB001-F3F1-418C-9E1E-08DF306EC221}" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.2.0-dede-downloader.exe | "{8A9DD836-232F-4FA3-ABDA-505B1FBFF51C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | "{96361FF8-BE43-418D-9816-A2A5BD123E0C}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{9932F96B-AE10-4172-81E4-DD159A83267D}" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "{AF62976E-04AC-4754-B165-F9ADE49F7038}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "{B00252FA-DFAD-4664-B49D-25460B0AD532}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | "{B6591B29-2080-4203-AE77-6DB7F0C210DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C98D76A3-20B3-4BD7-9565-76CE76BDF095}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D4E08671-7822-45FE-95F8-22A80710A548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9030FCB-998C-4856-8F61-DE7D0ED38A0B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{DC28CD57-D724-4152-8C8F-E8D67D969F27}" = protocol=6 | dir=out | app=system | "{E0B15398-906E-4B55-8598-4222EF3C8A8D}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{EDD2E25D-7504-4D7F-A499-095AF179BC8C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F140104D-7EB4-4C2E-9706-D5A22CCE1137}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F3EB9915-821B-4A36-8C6C-F1C036BC55EB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{FF36D5AD-DC41-4543-AEBE-0304E3E96D14}" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.2.0-dede-downloader.exe | "TCP Query 
User{1F751E3E-FD2F-4084-91B6-567EFA2267D4}C:\ut2003\system\ut2003.exe" = protocol=6 | dir=in | app=c:\ut2003\system\ut2003.exe | "TCP Query User{235647C8-5FDB-4E7C-AE48-857C9A8E62CA}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | "TCP Query User{28FC8C5F-1E67-4047-859E-4FA418A4EE02}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{2D96F0DD-132B-463F-9128-8D96D5AFC064}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "TCP Query User{33E65000-08B3-4C07-AF99-F1D27BC00DE3}C:\users\gast\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | "TCP Query User{437B0D32-6233-498D-A6CB-C5619EBBE5BB}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "TCP Query User{4F6A8E47-CB0C-46ED-A33D-C811B7AC06FB}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{52EE82B5-06ED-447E-8520-FD9D82DDCB8E}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{53B0FECA-5F72-464C-B688-B1072EB3CD9E}F:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | "TCP Query User{55D6EEFA-7362-4539-BC56-743B9248775D}F:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | "TCP Query User{6E325B3B-4518-4506-A1A8-CD9EF9C735BD}F:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=f:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "TCP Query User{89E24BA8-DA63-4F2E-BAA3-9352C730E1A6}F:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | 
dir=in | app=f:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "TCP Query User{8F792D6F-067F-4B45-B78F-CB111B4E7FD8}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "TCP Query User{B4FCDBDE-3050-464C-958E-5EA5EDE9B2C1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{BBCBB806-2DD0-40AB-BDBA-3C11F4C3D06A}F:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=f:\world of warcraft\repair.exe | "TCP Query User{C2BEF8A5-E864-40AE-994A-1054A7AC9643}C:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | "TCP Query User{D85AA258-2F53-4C8A-9758-8E833CD67CF2}C:\users\user\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\user\program files\dna\btdna.exe | "TCP Query User{F5840FFA-0572-43D6-95BD-F97A1CE2A16E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{F5B98561-B81A-49FB-ADFF-ECE22BA1367F}C:\users\gast\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | "UDP Query User{17BB8C5D-FC5C-4EA5-9364-07C546E7DCC9}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "UDP Query User{2881D1F4-ACE2-48BC-8D0D-48276D89C547}F:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "UDP Query User{34707DF4-359F-4F21-A959-1F7872ABBDB3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{3EB5BF72-9656-4F95-9766-284DA173D8E1}F:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | "UDP Query 
User{43DAC4C6-D45C-470B-B218-F6F13B991424}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{5392B246-14AF-49F5-B405-0E374D03C5C5}C:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | "UDP Query User{53D46A22-EF38-4D0D-9D84-83DB6F3B6563}F:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=f:\world of warcraft\repair.exe | "UDP Query User{5FA6110E-C3D8-47AC-8231-3BFE28527AC7}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{60CBB0A1-0CF8-42B1-8C5B-F95AE7B4C3BD}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "UDP Query User{68891A2D-66BB-4695-8413-887D48796BC3}C:\users\gast\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | "UDP Query User{78BE329F-CC3A-4463-A3E8-2084384F3B01}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | "UDP Query User{7D29ED84-6191-41BE-B35F-E39BE58DE8AA}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "UDP Query User{B10A09FE-0229-4100-8E67-3C2883BEF70A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{BDB99255-234D-4D5A-9BBD-29E9DC4AD4A5}C:\ut2003\system\ut2003.exe" = protocol=17 | dir=in | app=c:\ut2003\system\ut2003.exe | "UDP Query User{CF027B4E-CE02-4409-BD5D-CDE848F9F17E}F:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-dede-downloader.exe | "UDP Query User{D5CEF04D-BF87-4D0F-9C18-EDCC25D3281A}F:\world of 
warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=f:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{EFAEC3CD-1DA4-41B5-ABE4-18ADB9DDEF9B}C:\users\gast\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | "UDP Query User{F27C80AD-8472-4DAA-84CB-2E5F43B34713}C:\users\user\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\user\program files\dna\btdna.exe | "UDP Query User{FBC63886-CA0A-4430-8A63-3A23493DD982}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = Spellforce 2 - Shadow Wars "{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22984187-6C4C-4871-8A72-ABBF24F3ADF8}" = Requiem "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition "{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}" = SpellForce 2 Shadow Wars "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing 
Component "{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-3.4.0.20 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{38FC2AF7-9140-409F-8F85-0375B3ED6641}" = FooBillard++ "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{60B81442-7AB5-49A2-BF90-02A2786587ED}" = USB-Flachbettscanner "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{61563672-84C4-47A2-A037-B4322C38FFCE}" = Manga Studio EX 4.0 "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{777C64A3-5909-4DBC-B917-F5AD8DFB9B09}" = COMPUTERBILD Alles-Öffner "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{8842825B-C865-40D3-89FD-A48A942195B4}" = Wireless LAN Driver "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PRJPROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PRJPROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PRJPROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPROR_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{91244C78-951F-457C-B7E5-1447A3F79238}_is1" = ANSTOSS 4 Edition 03-04 1.7 "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A70ABAD3-7887-4F7F-9DA3-80363E70FDC2}" = Buhl Buero komplett "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech 
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{D1D02D9E-46BB-484D-B051-27D72C85F75B}" = COMPUTERBILD Alles-Öffner "{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{E9E4BB29-FA98-401B-9EDE-9906906E33DE}" = Paragon Festplattenmanager 2007 "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe Shockwave Player" = Adobe Shockwave Player "Akamai" = Akamai NetSession Interface "ANNO1602" = Anno 1602 "Ashampoo WinOptimizer 2012_is1" = Ashampoo WinOptimizer 2012 v.8.1.4 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Cave Quest" = Cave Quest "CCleaner" = CCleaner (remove only) "Die Jade-Münze" = Die Jade-Münze "Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "EdenEternal-DE" = EdenEternal-DE "ESET Online Scanner" = ESET Online Scanner v3 "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "KLiteCodecPack_is1" = 
K-Lite Codec Pack 7.0.0 (Standard)
"KnightsAndMerchants" = KnightsAndMerchants
"Land der Magie" = Land der Magie
"Metin2_is1" = Metin2
"Moorhuhn Piraten" = Moorhuhn Piraten
"Motherboard Monitor 5.3.7.0 Languages_is1" = Motherboard Monitor 5 Languages
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PRJPROR" = Microsoft Office Project Professional 2007 Trial
"RealPlayer 12.0" = RealPlayer
"Retter in der Not" = Retter in der Not
"Ritter Arthur" = Ritter Arthur
"RollerCoaster Tycoon Setup" = Roll
"S4Uninst" = Die Siedler IV
"Sandra Fleming Chronicles – Crystal Skulls" = Sandra Fleming Chronicles – Crystal Skulls
"Sheep" = Sheep
"Soul Reaver 2" = Soul Reaver 2
"UT2003" = Unreal Tournament 2003
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"WinRAR archiver" = WinRAR
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"WinSetupFromUSB" = WinSetupFromUSB

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.04.2013 18:36:22 | Computer Name = Julia | Source = EventSystem | ID = 4621
Description =

Error - 25.04.2013 00:48:57 | Computer Name = Julia | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 25.04.2013 18:18:39 | Computer Name = Julia | Source = MsiInstaller | ID = 11321
Description =

Error - 25.04.2013 18:18:49 | Computer Name = Julia | Source = MsiInstaller | ID = 1024
Description =

Error - 25.04.2013 18:18:49 | Computer Name = Julia | Source = MsiInstaller | ID = 1024
Description =

Error - 26.04.2013 07:02:06 | Computer Name = Julia | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 26.04.2013 18:48:28 | Computer Name = Julia | Source = EventSystem | ID = 4621
Description =

Error - 27.04.2013 01:05:35 | Computer Name = Julia | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 28.04.2013 06:48:14 | Computer Name = Julia | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 28.04.2013 13:29:13 | Computer Name = Julia | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

[ OSession Events ]
Error - 18.11.2007 10:50:07 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 389 seconds with 360 seconds of active time. This session ended with a crash.

Error - 11.12.2007 07:21:33 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 217 seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.04.2013 10:00:55 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:03:58 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:07:42 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:17:10 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:27:22 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:33:19 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:35:47 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 10:56:59 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 11:29:03 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error - 29.04.2013 11:39:26 | Computer Name = Julia | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agent nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

< End of report >
Code:
|
29.04.2013, 20:56 | #7 |
| Laptop CPU usage already at 100% at startup
Code:
ATTFilter
OTL logfile created on: 29.04.2013 17:47:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,63% Memory free
5,62 Gb Paging File | 4,59 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,01 Gb Total Space | 13,87 Gb Free Space | 12,61% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JULIA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.20\LightShot.exe
PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - 
[2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll MOD - [2009.07.14 06:43:04 | 
012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ========== Services (SafeList) ========== SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP) DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86) DRV 
- [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA) DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP) DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI) DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW) DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV) DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX) DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | 
Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm) DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl) DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr) DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=VZ2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: 
%7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..network.proxy.type: 4 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: 
"hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.28 16:24:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005 [2012.12.10 23:59:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D 
| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012.12.03 22:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions [2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com [2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.11.27 
01:14:43 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.27 01:15:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml [2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml [2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml [2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml [2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif [2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml [2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml [2012.12.06 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program 
Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [2012.12.10 23:59:35 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER\APPDATA\ROAMING\17001.005 [2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found. 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe () O4 - HKCU..\Run: [Ybgiyw] C:\Users\user\AppData\Roaming\Luawha\anze.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu 
item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20 O18 - Protocol\Handler\symres 
{AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell - "" = AutoRun O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell - "" = AutoRun O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell\AutoRun\command - "" = H:\autorun.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - 
SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable [2013.04.29 17:21:27 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.29 17:21:27 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.29 17:21:27 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.29 17:21:27 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.29 16:38:24 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2013.04.29 14:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job [2013.04.28 23:36:49 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2013.04.28 19:29:36 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.04.28 19:28:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 19:28:44 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- 
C:\Users\user\Documents\cc_20130428_125837.reg [2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 15:00:01 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job [2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2013.04.08 18:37:29 | 000,000,541 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable [2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg [2013.01.20 15:42:28 | 000,000,541 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml [2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res [2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps [2012.10.25 18:53:08 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad [2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg [2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg [2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png [2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg [2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg [2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- 
C:\Users\user\Unbenannt-3.psd [2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif [2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd [2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif [2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd [2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif [2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps [2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps [2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg [2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc [2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini [2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll [2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll [2011.06.30 13:19:37 | 000,018,120 | ---- | C] ( ) -- C:\Windows\System32\drivers\ArtecGT.sys [2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini [2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI [2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini [2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini [2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR [2007.11.17 23:12:07 | 000,027,043 | ---- 
| C] () -- C:\Users\user\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.10 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\17001.005 [2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze [2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery [2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign [2010.02.26 23:55:57 | 000,000,000 | ---D | 
M] -- C:\Users\user\AppData\Roaming\digital publishing [2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0 [2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ [2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock [2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha [2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX [2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad [2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio [2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd [2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft [2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS [2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007 [2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer [2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\Template [2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird [2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs [2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft [2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk [2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue [2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy [2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm [2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine [2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074 < End of report > |
29.04.2013, 21:00 | #8 |
/// TB-Ausbilder | Laptop CPU usage already at 100% on startup Yes, that works.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Scan with Combofix
Step 3 Please start OTL.exe.
In your next reply, please post:
__________________ cheers, Leo |
29.04.2013, 21:02 | #9 |
| Laptop CPU usage already at 100% on startup Code:
OTL logfile created on: 29.04.2013 17:47:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,63% Memory free
5,62 Gb Paging File | 4,59 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,01 Gb Total Space | 13,87 Gb Free Space | 12,61% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JULIA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.20\LightShot.exe
PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll
MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP)
DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA)
DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP)
DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI)
DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW)
DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV)
DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX)
DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=VZ2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.28 16:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005 [2012.12.10 23:59:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 17:12:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

[2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.12.03 22:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions
[2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com
[2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.11.27 01:14:43 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.27 01:15:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml
[2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml
[2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml
[2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif
[2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml
[2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml
[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2012.12.10 23:59:35 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER\APPDATA\ROAMING\17001.005
[2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe () O4 - HKCU..\Run: [Ybgiyw] C:\Users\user\AppData\Roaming\Luawha\anze.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu 
item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20 O18 - Protocol\Handler\symres 
{AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5fccb030-231a-11df-8fd0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell - "" = AutoRun O33 - MountPoints2\{c673243e-2326-11df-ac2d-00030d696d29}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell - "" = AutoRun O33 - MountPoints2\{e0a12629-489b-11df-8ecb-ffbd129f3a6b}\Shell\AutoRun\command - "" = H:\autorun.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - 
SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable [2013.04.29 17:21:27 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.29 17:21:27 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.29 17:21:27 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.29 17:21:27 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.29 16:38:24 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2013.04.29 14:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job [2013.04.28 23:36:49 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2013.04.28 19:29:36 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.04.28 19:28:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 19:28:44 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- 
C:\Users\user\Documents\cc_20130428_125837.reg [2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 15:00:01 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job [2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2013.04.08 18:37:29 | 000,000,541 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable [2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg [2013.01.20 15:42:28 | 000,000,541 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml [2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res [2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps [2012.10.25 18:53:08 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad [2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg [2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg [2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png [2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg [2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg [2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- 
C:\Users\user\Unbenannt-3.psd [2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif [2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd [2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif [2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd [2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif [2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps [2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps [2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg [2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc [2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini [2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll [2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll [2011.06.30 13:19:37 | 000,018,120 | ---- | C] ( ) -- C:\Windows\System32\drivers\ArtecGT.sys [2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini [2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- C:\Windows\Ausba3.INI [2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini [2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini [2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR [2007.11.17 23:12:07 | 000,027,043 | ---- 
| C] () -- C:\Users\user\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.10 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\17001.005 [2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze [2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery [2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign [2010.02.26 23:55:57 | 000,000,000 | ---D | 
M] -- C:\Users\user\AppData\Roaming\digital publishing [2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0 [2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ [2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock [2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha [2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX [2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad [2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio [2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd [2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft [2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS [2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007 [2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer [2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\Template [2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird [2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs [2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft [2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk [2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue [2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy [2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm [2010.05.11 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine [2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074 < End of report > |
29.04.2013, 21:04 | #10 |
/// TB Instructor | Laptop CPU usage already at 100% at startup The log has already arrived. The next steps are in my previous post.
__________________ cheers, Leo |
29.04.2013, 21:08 | #11 |
| Laptop CPU usage already at 100% at startup Yeah, sorry xD I can't get it deleted and it got posted twice, as you can see^^ I'll do it as soon as possible, but if I start now I'll still be sitting here at 5 in the morning at this speed, so unfortunately not until tomorrow.. |
29.04.2013, 21:11 | #12 |
/// TB Instructor | Laptop CPU usage already at 100% at startup You don't need to delete anything, that's fine. Just post all 3 logs together when you're done.
__________________ cheers, Leo |
30.04.2013, 10:16 | #13 |
| Laptop CPU usage already at 100% at startup Sooo... 1st log: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 30/04/2013 um 10:19:34 erstellt # Aktualisiert am 28/04/2013 von Xplode # Betriebssystem : Windows 7 Ultimate (32 bits) # Benutzer : user - JULIA # Bootmodus : Normal # Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js Ordner Gelöscht : C:\Program Files\AskTBar Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = 
hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (de) -\\ Google Chrome v [Version kann nicht ermittelt werden] ************************* AdwCleaner[S1].txt - [6162 octets] - [30/04/2013 10:19:34] ########## EOF - C:\AdwCleaner[S1].txt - [6222 octets] ##########
Now the ComboFix one, where the thing described at the end of the instructions came up: Code:
ATTFilter ComboFix 13-04-29.01 - user 30.04.2013 10:33:01.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1918.1178 [GMT 2:00] ausgeführt von:: c:\users\user\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Norton Internet Security Online *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security Online *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Norton Internet Security Online *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\xp-AntiSpy c:\program files\xp-AntiSpy\sponsoring\ebay.ico c:\program files\xp-AntiSpy\sponsoring\ebay_desktop.ico c:\program files\xp-AntiSpy\sponsoring\ebay_hover.ico c:\program files\xp-AntiSpy\sponsoring\sponsor.html c:\program files\xp-AntiSpy\sponsoring\sponsor.url c:\programdata\netdislw.pad c:\users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue c:\users\user\AppData\Roaming\17001.005 c:\users\user\AppData\Roaming\17001.005\chrome.manifest c:\users\user\AppData\Roaming\17001.005\components\AcroFF.txt c:\users\user\AppData\Roaming\17001.005\install.rdf c:\users\user\AppData\Roaming\5itwbywq.default.tmp c:\users\user\AppData\Roaming\AcroIEHelpe.txt c:\users\user\AppData\Roaming\srvblck5.tmp c:\windows\IsUn0407.exe c:\windows\system32\CddbCdda.dll c:\windows\system32\Dump c:\windows\system32\Dump\MiniDump.dmp c:\windows\system32\tmp90AA.tmp c:\windows\system32\tmp933B.tmp c:\windows\system32\tmp9981.tmp c:\windows\UA000096.DLL c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-28 bis 2013-04-30 )))))))))))))))))))))))))))))) . . 
2013-04-30 08:42 . 2013-04-30 08:45 -------- d-----w- c:\users\user\AppData\Local\temp 2013-04-28 17:40 . 2013-04-28 17:40 -------- d-----w- c:\program files\ESET 2013-04-27 09:20 . 2013-04-28 17:32 -------- d-----w- c:\users\user\AppData\Roaming\Luawha 2013-04-27 09:20 . 2013-04-28 17:26 -------- d-----w- c:\users\user\AppData\Roaming\Vieqy 2013-04-27 09:20 . 2013-04-27 09:20 -------- d-----w- c:\users\user\AppData\Roaming\Ackyze . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-21 10:58 . 2012-07-14 22:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-21 10:58 . 2012-07-14 22:21 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2009-04-15 20:24 . 2012-12-06 15:12 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2012-12-06 15:12 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2012-12-06 15:12 . 2012-12-06 15:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "LightShot"="c:\users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-15 226152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
R2 SampleScanner;USB-Flachbettscanner;c:\windows\system32\DRIVERS\ArtecGT.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [x]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvix86.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MSSQL$SASMB_VRA;SQL Server (SASMB_VRA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - EraserUtilRebootDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-30 c:\windows\Tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-01-20 22:26]
.
2013-04-30 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-01-20 22:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Suche - d:\software\eBayTb.dll/RCSearch.html
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}\46C696E6B6: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\5itwbywq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-02-26 22:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-07-27 12:29; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2011-07-27 12:29; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2013-01-28 15:24; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
HKCU-Run-Ybgiyw - c:\users\user\AppData\Roaming\Luawha\anze.exe
AddRemove-KnightsAndMerchants - c:\windows\unin0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-Sheep - c:\windows\IsUn0407.exe
AddRemove-Soul Reaver 2 - f:\5.spiele\Eidos Interactive\Eidos Interactive\Soul Reaver 2\uninstsr2.exe
AddRemove-WinSetupFromUSB - c:\users\user\Desktop\Programme\Windows Vista Home Premium 32bit\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Autorun]
@DACL=(02 0000)
"Autorun"=dword:00000000
"Blank"=dword:00000000
"Number of tests"=dword:00000000
"Repeat"=dword:00000000
"Repeat Delay"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Capture]
@DACL=(02 0000)
"Capture File Dialog"=dword:00000001
"Clipboard"=dword:00000001
"File"=dword:00000001
"Filename"="%M %V %D %T"
"Folder"="c:\\Users\\user\\Documents"
"Format"="png"
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\CD Quality]
@DACL=(02 0000)
"Background Color"=dword:00000000
"Background Color 2"=dword:00404040
"Background Gradient"=dword:00000001
"BG Error Limits"=dword:00000000
"C1 Color"=dword:00ffff00
"C2 Color"=dword:0000ffff
"Color Scheme"=dword:00000001
"Detect Speed"=dword:00000001
"Graph Limit 1"=dword:ffffffff
"Graph Limit 2"=dword:ffffffff
"Graph Mask"=dword:000000ff
"Horizontal Grid"=dword:00000001
"Jitter Color"=dword:00ff00ff
"LiteOn Settings"=dword:000508ee
"Measure Points"=dword:00000014
"Nec Settings"=dword:000508ff
"Panasonic Settings"=dword:000508ee
"Philips Settings"=dword:000508ff
"Pioneer Settings"=dword:000508ff
"Primary Grid Color"=dword:00ff0000
"QuickScan"=dword:00000000
"Sample Length"=dword:00000005
"Secondary Grid Color"=dword:00800000
"Show C1"=dword:00000000
"Show Error Limits"=dword:00000001
"Show Label"=dword:00000001
"Show Speed"=dword:00000001
"Show Statistics"=dword:00000001
"Speed CD"=dword:0000ffff
"Speed Color"=dword:0000d000
"Speed DVD"=dword:00000008
"Speed Limit"=dword:00000032
"Speed Limit DVD"=dword:00000010
"Vertical Grid"=dword:00000001
"Write Speed Color"=dword:00d000d0
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Disc Info]
@DACL=(02 0000)
"Basic"=dword:00000001
"Extended"=dword:00000001
"Raw Data"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\General]
@DACL=(02 0000)
"Read Speed"=dword:00000000
"Selected Read Speed"=dword:00000001
"Selected Tests"=dword:0000007f
"Selected Write Speed"=dword:00000001
"Spinup Time"=dword:0000000a
"Write Speed"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Save]
@DACL=(02 0000)
"Autosave"=dword:00000000
"File Dialog"=dword:00000001
"Filename"="%M %V"
"Folder"="c:\\Users\\user\\Documents"
"Save Type"=dword:00000000
"Status"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\ScanDisc]
@DACL=(02 0000)
"Speed CD"=dword:0000ffff
"Speed DVD"=dword:00000008
"Test"=dword:00000080
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Seek Times]
@DACL=(02 0000)
"Seek Count"=dword:00000064
"Seek Type"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\ahead\Nero Toolkit\CD Speed\Transfer Rate]
@DACL=(02 0000)
"Accuracy"=dword:00000001
"Background Color"=dword:00000000
"Background Color 2"=dword:00404040
"Background Gradient"=dword:00000001
"Buffer Color"=dword:00c080c0
"Buffer Underrun Protection"=dword:00000001
"Color Scheme"=dword:00000001
"CPU Color"=dword:0080c0c0
"Direct overwrite"=dword:00000000
"Display Type"=dword:00000000
"Horizontal Grid"=dword:00000001
"Include Test Results"=dword:00000001
"Maximum Speed CD"=dword:00000032
"Maximum Speed DVD"=dword:00000010
"Overburn"=dword:00000000
"Overburn Capacity"=dword:0006dd39
"Overburn Capacity DVD"=dword:0023f000
"Overburn DVD"=dword:00000000
"Primary Grid Color"=dword:00ff0000
"Read Resolution"=dword:00000001
"RPM Color"=dword:0000ffff
"Secondary Grid Color"=dword:00800000
"Show Buffer Graph"=dword:00000001
"Show CPU Graph"=dword:00000001
"Show Minimum/Maximum"=dword:00000000
"Show RPM"=dword:00000001
"Speed Color"=dword:0000ff00
"Streaming"=dword:00000000
"Vertical Grid"=dword:00000001
"Write Data"=dword:00000001
"Write Mode"=dword:00000000
"Write Resolution"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\innoPlus\Common_Settings]
@Class="Software\innoPlus\Common_Settings\OpenGL\WindowRenderer"
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\10.0\Word\Text Converters\Export]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\10.0\Word\Text Converters\Import]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\9.0\Common\Internet]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\All Ports]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1062125089-281619726-1483776901-1000_Classes\VirtualStore\MACHINE\SOFTWARE\PoINT\PoINT Audio Video SDK]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession_2388"="{1F0CE0AE-F764-4959-8968-044F7C54E00E}"
"ccSvcHst_UserSession_3620"="{A7805EB9-CDA7-4E99-8E74-8416CDD2EC06}"
"ccSvcHst_UserSession_2284"="{68EC761F-BE96-4364-BCE3-C6EB316E1065}"
"uiPerf_Service_Channel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"IPS_COMMAND_CHANNEL"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccGenericEvent_Global_EM"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccGenericEvent_Global_LM"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"SNDServiceRequestChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"SNDLocationChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccGenericLog_Manager"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccSettingsService"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"_AvProdSvcComm_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"g_coVistaProxyChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"FWAlert"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"_isDataPrComm_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"SymRedirSvcRequestChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"NortonNetServiceIPC"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"NetMapServiceIPC"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"BashIPCChannel"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"_StatisticsCommand_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"_TrustSvcComm_"="{72886B6D-30BA-48FF-886D-1B244ACD3312}"
"ccSvcHst_Norton Internet Security"="{60E4C320-471F-4803-A37D-A7892580168C}"
.
[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1844)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\System32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RtHDVCpl.exe
c:\users\user\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-30 10:52:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-30 08:52
.
Vor Suchlauf: 18 Verzeichnis(se), 17.552.003.072 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 17.479.282.688 Bytes frei
.
- - End Of File - - DDC5C624C1344165E874331379F9BF56

OTL logfile created on: 30.04.2013 10:59:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 63,45% Memory free
5,62 Gb Paging File | 4,75 Gb Available in Paging File | 84,60% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,01 Gb Total Space | 16,36 Gb Free Space | 14,87% Space Free | Partition Type: NTFS
Drive D: | 27,32 Gb Total Space | 4,56 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
Drive E: | 686,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JULIA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.11.14 21:23:44 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\user\AppData\Local\Skillbrains\lightshot\3.4.0.50\LightShot.exe
PRC - [2012.08.08 20:59:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2010.02.27 14:20:46 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.02.27 14:20:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.27 14:20:45 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.27 14:20:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.27 14:20:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.27 14:20:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.02.27 14:20:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.27 14:20:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.27 14:20:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.27 14:20:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.27 14:20:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.27 14:20:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.27 14:20:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.27 14:20:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.02.27 14:20:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.27 14:20:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.27 14:20:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.27 14:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.27 14:20:23 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.02.27 14:20:23 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.02.27 14:20:22 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.27 14:20:22 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.27 14:20:22 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.27 14:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.27 14:20:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.27 14:20:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.27 14:20:20 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.27 14:20:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.27 14:20:19 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.02.27 14:20:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.27 14:20:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.27 14:20:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009.07.14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:42:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll
MOD - [2009.07.14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV - [2013.04.05 12:58:54 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012.12.06 17:12:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.22 09:21:19 | 000,117,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.27 10:48:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVEX15.SYS -- (NAVEX15) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100317.051\NAVENG.SYS -- (NAVENG) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.03 15:54:37 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys -- (ccHP) DRV - [2009.10.29 00:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86) DRV - [2009.10.23 17:03:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.09.11 13:34:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys -- (SymEFA) DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys -- (SRTSP) DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86) DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys -- (SYMTDI) DRV - [2009.08.22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys -- (SYMFW) DRV - [2009.08.22 09:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys -- (SYMNDISV) DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys -- (SRTSPX) DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.27 12:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.05.27 12:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.05.27 12:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.05.27 12:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm) DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl) DRV - [2007.03.09 07:29:00 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.02.02 16:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) DRV - [2004.04.10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr) DRV - [2001.06.07 17:56:38 | 000,018,120 | ---- | M] ( ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ArtecGT.sys -- (SampleScanner) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes,DefaultScope = {03_TL-GOOGLE-DE-E1416B8B2E3A} IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812 IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..network.proxy.type: 4 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: 
"hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.26 23:24:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.07.27 12:29:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.03.22 15:28:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.30 10:19:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.26 00:17:30 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2010.02.26 23:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012.12.03 22:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions [2010.05.02 05:47:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.29 17:00:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.11.21 23:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2012.10.14 19:20:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.07.27 12:29:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5itwbywq.default\extensions\moveplayer@movenetworks.com [2012.12.03 22:52:29 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.11.27 01:14:43 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi 
[2012.11.27 01:15:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.27 10:19:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml [2007.11.23 13:11:15 | 000,000,953 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\businesscom.xml [2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml [2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml [2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif [2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml [2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml [2012.12.06 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.12.06 17:12:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.12.06 17:12:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\17001.005 [2012.12.06 17:12:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 18:31:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2013.04.30 10:42:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - No CLSID value found. 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O3 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000..\Run: [LightShot] C:\Users\user\AppData\Local\Skillbrains\lightshot\LightShot.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O8 - 
Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Suche - res://D:\Software\eBayTb.dll/RCSearch.html File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E280577-2D7B-4ACF-B908-5027CF5B9124}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9783C717-B01F-4A76-9322-21990B52AC05}: DhcpNameServer = 192.168.179.20 O18 - Protocol\Handler\symres 
{AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.08.28 17:02:02 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2000.08.28 17:02:02 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.30 10:52:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.30 10:45:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.04.30 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp [2013.04.30 10:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.30 10:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.30 10:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.30 10:28:55 | 000,000,000 | ---D | C] -- 
C:\ComboFix [2013.04.30 10:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.30 10:28:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.30 10:27:22 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha [2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze [3 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.30 11:04:05 | 000,704,038 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.30 11:04:05 | 000,665,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.30 11:04:05 | 000,149,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.30 11:04:05 | 000,126,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.30 10:56:59 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.04.30 10:56:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.30 10:56:05 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 10:42:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.30 10:32:05 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1062125089-281619726-1483776901-1000.job [2013.04.30 10:28:22 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.04.30 10:18:44 | 000,628,743 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe [2013.04.30 09:12:08 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2013.04.29 18:25:08 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe [2013.04.29 18:17:02 | 
000,000,498 | ---- | M] () -- C:\Users\user\AppData\Local\UserProducts.xml [2013.04.29 17:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013.04.29 17:44:19 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable [2013.04.28 23:36:49 | 000,007,601 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2013.04.28 12:58:44 | 000,002,228 | ---- | M] () -- C:\Users\user\Documents\cc_20130428_125837.reg [2013.04.27 00:48:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.27 00:48:45 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.08 18:43:56 | 000,005,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [3 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.30 10:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.30 10:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.30 10:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.30 10:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.30 10:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.30 10:18:41 | 000,628,743 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe [2013.04.29 18:25:06 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\gmer_2.1.19163.exe [2013.04.29 17:43:32 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable [2013.04.28 12:58:41 | 000,002,228 | ---- | C] () -- C:\Users\user\Documents\cc_20130428_125837.reg [2013.01.20 15:42:28 | 000,000,498 | ---- | C] () -- C:\Users\user\AppData\Local\UserProducts.xml [2012.12.08 22:18:34 | 000,000,016 | ---- | C] () -- C:\Users\user\AppData\Roaming\blckdom.res [2012.10.26 00:37:04 | 000,009,728 | ---- | C] () -- C:\Users\user\model.wps 
[2012.10.23 00:10:22 | 000,128,429 | ---- | C] () -- C:\Users\user\pinsel-atmosphere(19).jpg [2012.10.23 00:06:45 | 004,388,731 | ---- | C] () -- C:\Users\user\clockwork_thoughts__unpainted__by_ariscene.jpg [2012.10.22 23:44:58 | 000,106,347 | ---- | C] () -- C:\Users\user\a80395c-large.png [2012.09.27 23:26:50 | 000,896,773 | ---- | C] () -- C:\Users\user\mmmm.jpg [2012.09.27 23:16:12 | 000,896,991 | ---- | C] () -- C:\Users\user\Unbenannt-3 Kopie.jpg [2012.09.27 23:15:49 | 006,926,780 | ---- | C] () -- C:\Users\user\Unbenannt-3.psd [2012.09.18 15:45:33 | 000,093,949 | ---- | C] () -- C:\Users\user\Unbenannt-1.gif [2012.09.18 01:37:21 | 001,164,828 | ---- | C] () -- C:\Users\user\Unbenannt-1.psd [2012.09.13 20:13:22 | 000,544,232 | ---- | C] () -- C:\Users\user\war2g.gif [2012.09.13 20:01:39 | 009,963,316 | ---- | C] () -- C:\Users\user\Unbenannt-2.psd [2012.09.13 19:50:59 | 000,521,549 | ---- | C] () -- C:\Users\user\War2.gif [2012.07.30 03:23:42 | 000,051,200 | ---- | C] () -- C:\Users\user\take2.wps [2012.07.29 01:48:22 | 000,600,064 | ---- | C] () -- C:\Users\user\take.wps [2012.07.15 22:30:51 | 000,053,736 | ---- | C] () -- C:\Users\user\407780_352510738106384_524306434_n.jpg [2012.03.10 15:34:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.03.04 18:09:53 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2012.02.26 19:19:55 | 000,000,565 | ---- | C] () -- C:\Users\user\.foobillardrc [2011.11.13 18:37:01 | 000,007,601 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg [2011.06.30 13:30:47 | 000,000,867 | ---- | C] () -- C:\Windows\ScnPanel.ini [2011.06.30 13:19:37 | 000,200,704 | ---- | C] () -- C:\Windows\Ausba3.dll [2011.06.30 13:19:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Arsetup.dll [2011.06.30 13:19:37 | 000,018,120 | ---- | C] ( ) -- C:\Windows\System32\drivers\ArtecGT.sys [2011.06.30 13:19:37 | 000,011,464 | ---- | C] () -- C:\Windows\Dusb3ar.ini [2011.06.30 13:19:37 | 000,002,638 | ---- | C] () -- 
C:\Windows\Ausba3.INI [2011.06.30 13:19:37 | 000,000,282 | ---- | C] () -- C:\Windows\System32\Arsetup.ini [2011.06.30 13:18:08 | 000,001,704 | ---- | C] () -- C:\Windows\ePlus.ini [2010.02.27 00:37:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007.11.27 15:35:38 | 000,005,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2007.11.23 16:49:34 | 000,038,426 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Access 97-2003.ADR [2007.11.17 23:12:07 | 000,027,043 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Azureus [2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BitTorrent [2010.02.26 23:51:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite [2010.04.13 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DNA 
[2010.02.26 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GetRightToGo [2010.02.26 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ [2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Nokia [2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite [2010.02.26 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Smith Micro [2010.02.26 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird [2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze [2010.02.26 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avery [2010.05.16 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Buhl Data Service GmbH [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign [2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\digital publishing [2013.01.28 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2012.08.06 01:36:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.26 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0 [2010.06.14 20:44:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ [2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock [2010.02.26 23:56:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\Luawha [2010.02.26 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX [2010.06.06 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\McLoad [2012.02.26 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\md studio [2010.02.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd [2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2012.02.25 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peace Craft [2012.02.26 00:08:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PoBros [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RVS [2011.07.18 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smith Micro [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony [2010.02.26 23:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos AntiSpam 2007 [2010.03.09 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer [2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template [2010.02.26 23:56:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird [2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs [2010.05.08 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft [2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk [2012.08.06 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue [2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy [2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm [2010.05.11 
20:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XRay Engine [2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:03271074 < End of report > |
30.04.2013, 13:30 | #14 |
/// TB-Ausbilder | Laptop CPU usage already 100% at startup
Hello, here are the next steps:
Warning: Infostealer
Your logs show that you have picked up malware that specifically targets your sensitive data (user names, passwords, online banking credentials, etc.). There is no way of knowing exactly what was logged, but to be on the safe side I would assume that all data and passwords entered on this computer are known. I would therefore advise you to change all credentials that were used on this computer, either at the end or from a clean computer.
Note: Multiple AV background guards
I noticed that you have more than one antivirus program with a background guard running:
Choose one of these programs and uninstall the others via Start -> Control Panel -> Programs and Features (Vista & Win 7) or Start -> Control Panel -> Add or Remove Programs (Win XP).
Step 1 Fix with OTL
Code:
:OTL
[2013.02.11 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ymutr
[2013.04.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vieqy
[2012.12.10 00:00:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xmldm
[2013.02.09 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uchauk
[2012.12.08 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UAs
[2012.08.06 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2013.02.09 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Noyd
[2013.04.28 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Luawha
[2012.12.08 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kock
[2013.04.27 11:20:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ackyze
[2009.01.23 14:10:22 | 000,000,681 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\ask.xml
[2009.10.23 17:11:57 | 000,002,395 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\daemon-search.xml
[2012.12.01 00:00:23 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin-1.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.gif
[2010.05.14 02:52:20 | 000,000,955 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\icqplugin.xml
[2009.11.27 00:15:18 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5itwbywq.default\searchplugins\sweetim.xml
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\user\AppData\Roaming\17001.005
FF - prefs.js..browser.search.order.1: "Ask"
[2012.12.06 17:12:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
[2012.12.06 17:12:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
IE - HKU\S-1-5-21-1062125089-281619726-1483776901-1000\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.yodl.de/?&affid=1&uid=77FA46BE-F5CC-48DE-A5E4-91322A6E8812"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
:commands
[emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Step 5 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
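A triage sketch for the OTL listing format used in the log and in the fix script above, added here as an example and not part of the thread or the helper's own method. It parses `[timestamp | size | attributes | C/M] (company) -- path` entries, one per line as OTL writes them, and groups directories created in the same second directly under AppData\Roaming. The same-second grouping is an assumed heuristic; the sample lines are copied from the log on this page.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# One OTL listing entry: [timestamp | size | attributes | C/M] (company) -- path
# C = created, M = modified; the "(company)" part is absent for directories.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)"
)

# Entries copied from the log on this page: six "created" (C) lines and,
# for contrast, two "modified" (M) lines from the LOP Check section.
SAMPLE = r"""
[2013.04.30 10:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 17:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.04.28 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vieqy
[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Luawha
[2013.04.27 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ackyze
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Cornelsen
[2010.02.26 23:55:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataDesign
"""


def parse(text):
    """Return one dict per well-formed OTL listing line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m is None:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],
            "company": (m["company"] or "").strip(),
            "path": PureWindowsPath(m["path"].strip()),
        })
    return records


def same_second_roaming_dirs(records, kind="C", min_cluster=2):
    """Group directories sitting directly under AppData/Roaming by timestamp.

    Only entries of the given kind are considered, so creation and
    modification times are never mixed. Clusters smaller than min_cluster
    are dropped. This grouping is an assumed heuristic, not an OTL feature.
    """
    clusters = defaultdict(list)
    for r in records:
        parent = [p.lower() for p in r["path"].parent.parts[-2:]]
        if r["is_dir"] and r["kind"] == kind and parent == ["appdata", "roaming"]:
            clusters[r["ts"]].append(r["path"].name)
    return {ts: sorted(n) for ts, n in clusters.items() if len(n) >= min_cluster}


if __name__ == "__main__":
    for ts, names in same_second_roaming_dirs(parse(SAMPLE)).items():
        print(ts, names)
```

The three directories it reports are all listed for removal in the fix script above. The two 2010 LOP Check entries also share a timestamp, but those are modification times, which is why the default restricts the grouping to creation entries.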
30.04.2013, 14:03 | #15 |
| Laptop CPU usage already 100% at startup Well, first of all, the password-spying software sounds really worrying :-O and second, I actually removed Norton from the system a long time ago, and it isn't listed in the program list either. Could it still be lingering in the background, and if so, how do I get rid of it? Regards |