Log analysis and evaluation: Delta-Search: am I "clean" now? (Windows 7)
29.04.2013, 03:17 | #1 |
| Delta-Search: am I "clean" now?

Hi there, half an hour ago I downloaded a video MP4 converter (I wanted to upload a few videos to YouTube), and BAM, I got hit over the head right away when I opened Firefox again: totally slow, and Delta-Search as the start page. I then tried to undo that, uninstalled the converter and removed the Delta junk via the Control Panel. Since the first rule here is to google first and only then start talking, I did that and found the "program" AdwCleaner[R1], installed it, ran it, then saw a file with lots of "Delta" entries, clicked delete, restarted the PC, opened AdwCleaner[R1], and on the second run this came out:

Code:
# AdwCleaner v2.300 - Datei am 29/04/2013 um 04:03:00 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kecky - KECKY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kecky\Downloads\AdwCleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [726 octets] - [29/04/2013 04:03:00]

########## EOF - C:\AdwCleaner[R1].txt - [785 octets] ##########

Microsoft Security Essentials tells me that the PC status is: Protected, and clean.

I don't know much about this stuff and hope you can help me; now and then the browser still lags (e.g. while I was writing here ^^). At first it lagged really badly, but once I had uninstalled the stuff in the Control Panel everything was back to normal. No lag, nothing, so I thought OK, I'll just let Microsoft Security Essentials run and listen to music in the meantime, until the lagging started again -.- (but only very slightly, unless I'm imagining it? and it has always lagged xD)

Regards, eastpak24

Last edited by eastpak24 (29.04.2013 at 03:58) |
29.04.2013, 08:31 | #2 | |
/// TB trainer | Delta-Search: am I "clean" now?

My name is Matthias and I will help you clean up your computer. Please note the following:
Quote:
C:\AdwCleaner[SX].txt

Then continue as follows:

Step 1
Please download OTL by OldTimer and save it to your desktop (if you don't have it already).
Code:
activex
msconfig
CREATERESTOREPOINT

Step 2
Please download defogger by jpshortstuff to your desktop.

Step 3
Please download GMER: (random file name)

Do problems come up?

With your next reply, please post
|
29.04.2013, 17:03 | #3 |
| Delta-Search: am I "clean" now?

Hello Matthias,

Thanks for the help, I've now done everything I was asked to do. C:\AdwCleaner[SX].txt doesn't exist on my machine; I had uninstalled AdwCleaner, and it probably got deleted along with it?

Oh, and when I started GMER I was still connected to the Internet, is that bad? I then closed it, disabled the antivirus and disconnected from the Internet, and then pressed scan. Everything worked until at some point my browser froze, then all the desktop icons became invisible (they disappeared, along with the taskbar). I pressed Ctrl+Alt+Del, then an error message came up saying I should restart the PC using the power button. I did that, and later I started GMER without Firefox and let it scan, and then it worked right away without problems.

First the two OTL logs. OTL.txt:
000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 10:43:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 10:43:30 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 10:43:30 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 10:43:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 10:43:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 10:43:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/01 05:10:32 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Local\Macromedia [2013/04/01 05:08:19 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe [2013/04/29 14:51:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/29 14:51:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/29 14:48:09 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/29 14:48:09 | 000,665,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/04/29 14:48:09 | 000,627,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/29 14:48:09 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/04/29 14:48:09 | 000,110,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/29 14:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/29 
14:43:42 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys [2013/04/29 04:28:13 | 000,050,477 | ---- | M] () -- C:\Users\Kecky\Desktop\Defogger.exe [2013/04/29 04:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/29 04:02:45 | 000,628,743 | ---- | M] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe [2013/04/29 03:22:59 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/04/29 02:55:11 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013/04/29 02:19:12 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013/04/28 23:59:22 | 000,006,129 | ---- | M] () -- C:\Users\Kecky\.recently-used.xbel [2013/04/28 21:00:45 | 000,002,121 | ---- | M] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk [2013/04/28 18:59:09 | 000,001,040 | ---- | M] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk [2013/04/28 18:37:46 | 000,001,243 | ---- | M] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk [2013/04/28 18:23:29 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2013/04/28 17:14:48 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/11 11:38:25 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/07 02:37:45 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/04/01 05:08:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/01 05:08:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/29 04:28:13 | 000,050,477 | ---- | C] () -- C:\Users\Kecky\Desktop\Defogger.exe [2013/04/29 04:02:24 | 000,628,743 | ---- | C] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe [2013/04/29 03:22:54 | 000,000,098 | ---- | C] () -- 
C:\Windows\DeleteOnReboot.bat [2013/04/29 02:55:11 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013/04/29 02:19:12 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013/04/28 23:59:22 | 000,006,129 | ---- | C] () -- C:\Users\Kecky\.recently-used.xbel [2013/04/28 21:00:45 | 000,002,121 | ---- | C] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk [2013/04/28 18:59:09 | 000,001,040 | ---- | C] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk [2013/04/28 18:37:42 | 000,001,243 | ---- | C] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk [2013/04/28 18:23:29 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2013/04/28 17:14:48 | 000,000,655 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/01 05:08:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/22 05:52:27 | 000,004,096 | -H-- | C] () -- C:\Users\Kecky\AppData\Local\keyfile3.drm [2012/01/02 09:09:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/10/25 00:22:38 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI [2011/10/24 17:18:26 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2011/10/23 22:49:33 | 000,000,166 | ---- | C] () -- C:\Windows\WLP.ini [2011/05/06 18:54:22 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2011/05/06 18:53:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/05/06 18:53:34 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll [2011/05/06 18:53:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011/05/06 18:53:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011/05/06 18:52:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/05/06 18:47:11 | 000,008,949 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011/05/06 
18:47:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/05/06 18:47:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2011/05/06 18:47:04 | 000,005,557 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Code:
OTL Extras logfile created on: 4/29/2013 3:01:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kecky\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7.98 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.57% Memory free
15.96 Gb Paging File | 14.48 Gb Available in Paging File | 90.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 45.44 Gb Total Space | 2.71 Gb Free Space | 5.96% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2213953162-339333542-4111985408-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open]
-- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0386CD1F-D82F-46BB-BF6B-828B157E8B82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C0BCDF3-2229-4A23-93BF-591621AA61FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0FADF6B8-9176-4F25-AF1A-CEEA38E0909D}" = rport=139 | protocol=6 | dir=out | app=system | "{1925B6B6-631F-4BCB-8185-0FC2C47466AD}" = lport=2869 | protocol=6 | 
dir=in | name=windows live communications platform (upnp) | "{338E34AB-16BB-48AF-B22A-6F2B03FDF3BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37B154A3-5250-4AFE-AD9C-40FA5E228714}" = rport=445 | protocol=6 | dir=out | app=system | "{3810DC4D-BAF5-41B4-AFF1-AF4BB2457A8E}" = lport=138 | protocol=17 | dir=in | app=system | "{3B3B386E-4127-4A67-BAB7-54C1B0CACB0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{463F4E2E-2BF7-44FD-9F87-CE3C475A6B72}" = rport=138 | protocol=17 | dir=out | app=system | "{5C330739-25C9-4CAF-BEC7-CE618B6EE12B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{634A59D9-7839-48BC-A52B-B9AB743297A5}" = lport=137 | protocol=17 | dir=in | app=system | "{81A39940-A3E9-46BE-8E0F-23FDCADBADE2}" = rport=137 | protocol=17 | dir=out | app=system | "{850A67EA-F4C8-4DDD-8C89-8160A5D509C1}" = rport=10243 | protocol=6 | dir=out | app=system | "{934A89AD-B481-433E-A8FA-C93E27EE6671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{96AABC30-B7BC-47DF-A360-69A5A07F2872}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9BCB96FE-B66F-439E-9491-946D8D5CD0B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9BCCE45E-AB81-4DF8-92BA-9E774AF93090}" = lport=445 | protocol=6 | dir=in | app=system | "{B6059378-474E-44C2-A8EE-6E0EAE3F8A8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B761A781-7CA9-4BA4-B999-D83E004AED5A}" = lport=10243 | protocol=6 | dir=in | app=system | "{C9DD9E78-03DE-4E2F-ADC6-A9640DDD6C8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E33416E2-3B7A-4BD0-9C9C-67D4DEA4F689}" = lport=2869 | protocol=6 | dir=in | app=system | "{F387FDF3-BBDC-43AC-ABA3-E6988F162D40}" = lport=139 | protocol=6 | 
dir=in | app=system | "{FC98107C-A4A0-4F6D-9B57-6FA1A69E56AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{088B353E-A8EF-4F37-8D30-8243A17B012D}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{0E835E25-94B5-46A9-AAD6-62AEA0FA923A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{0F916AAB-0146-45BB-9F90-E05353C71A4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1043BE92-A1BA-4FFB-A593-EF1EF50A7B56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{112BFE27-B88A-499F-B96F-C261C8C908AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{134B205E-5619-4736-A33D-72384219ACF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{169FE2E9-A1A9-4695-9B84-242911485369}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{1C4A6667-DAF6-42D0-807F-9F6D25BEC81F}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | "{1D9408B3-F504-43F6-BA55-7AA4403E8F7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1EDC16A7-E855-4751-9808-44DA400AC877}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{29F23642-E484-47CD-8B88-A71FE23BD3F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{31150389-657D-4A3E-BA8F-4C91B277A077}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{3E10EC4D-D219-4989-B18F-472C8DE89024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4124FB86-1452-4D86-8A7B-410F8768E573}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe 
| "{46E948B5-A4FC-4421-86D9-B1821D98A7DE}" = protocol=6 | dir=out | app=system | "{477E0412-50F9-44FB-900A-46100B5A7004}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{4BFA3BA1-90C0-4B00-B21A-61DEF722BA34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{4C422458-A9BC-45BB-97C5-B1F978186BA0}" = protocol=17 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | "{5302029D-ACED-44F1-B4D7-5CF82856B7BA}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | "{55C1E1C1-9B91-4798-ADF9-07A28D8DCFF6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{62AD5D0D-A9AB-44F5-9DCA-0AA8BE6CEAD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{69703DAC-5167-4062-BEC6-F55B4E2C693D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{73E1532B-C011-441E-9E7D-F5F598B08D35}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{7BA77C9F-21E5-4B65-B393-F21B8BAE74E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{854CC4BE-0E33-4606-8171-3E80E9494D0A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{884BA2FE-041B-4728-AAFA-00F3898BC968}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{8962DBE4-9D34-475A-9ACE-FDA8B53121CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9182A833-859F-47FE-BF66-985EC388C578}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{965D2F90-AB8D-46CD-B965-943D2DFF7A1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A5FDC38-07B3-462F-9435-3AAB1FEFE7DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A21C6DEF-C86B-4530-87EC-252334FA3A54}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{AAD0A0EF-E86A-462D-9695-9939C99F0AD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B030928E-333D-4C03-9E35-E1696C9FBD01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF55F325-3672-4A60-8E3E-A47FD921F9C6}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{C21ADCCF-9F10-42F4-8600-23F8961FC7AD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{C432E615-D21D-46A6-AA45-17EE7A900EE1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{C4BD0487-D506-4866-842F-58D874F66260}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | "{C8B7065B-6312-4E3C-8280-83EC28C3FD0E}" = protocol=17 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | "{C9C3F548-36B8-4306-8572-30E725A37314}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CAA92511-9FDB-484B-8079-351879910F1C}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | "{CD5AEEA6-14D9-4725-B27C-D7A1DD905E17}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | "{D47BF837-FBEB-4918-9B01-2789FAA337B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DAE44E19-8FBC-4DA5-8982-01654AC5FDB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{E0529AFC-2E7B-4EF3-9BA7-788EEB7D3340}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{E3A3D9D5-7D0D-4753-927C-0E5D2D2818B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EEEF5903-16D5-4110-A306-7CA1E304E88D}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{F3D9C09C-B3D9-484C-BCDF-6B132DAC143B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F9DFFD89-72E5-46F4-B61C-22A4EABFD36F}" = protocol=6 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | 
"{FAD4F571-059F-48BB-B8DC-1581D24523EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{FB103DA0-F838-46FB-895D-01EB0E10C742}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FB927191-9114-4A02-A186-34F93249F8AB}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{FDF8D6E5-1120-4E83-B983-0CDCB573C8DF}" = protocol=6 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | "TCP Query User{123E810B-EC72-4EFA-9C14-309DB6768D7B}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{2B82CAEB-E199-4DDF-94F4-FDDD4F7E148D}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "TCP Query User{6E4229DA-1AD6-4D77-A656-AA5DD4472E6E}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{7A993C27-A8C0-4E55-88C4-1D78DFBB8025}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query User{8E2E4412-E7D1-4BEC-9E77-0884ED187F74}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{9852667B-A9B0-469B-AD39-F5A8011BBD24}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | "TCP Query User{9FA5C62E-CC7B-411D-9544-1F92A1C03EA8}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query 
User{AC2431E7-F6B2-4E10-B63E-54E81CB3B143}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "TCP Query User{ACED9FD3-446F-41B6-8A56-FE10C808B886}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{B1927DB4-2CC6-4911-83ED-525550FA9A36}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{B6D1D6CE-1E2E-4746-B78D-1301D068E738}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{BBC66214-8793-4471-988B-65D71328220D}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{E23E6333-EDAF-4FFB-A44F-86FA5B3CE827}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{F6032BE0-5F1C-43EB-AFE1-00DC8E34F9AA}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{1E8BF838-1E97-4828-808A-4444DE19FF47}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "UDP Query User{221029D8-5F8D-42E5-8364-0320452D69D3}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{2F07FC19-BAC7-4C91-AB5C-8573B69CE476}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of 
warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{45EDC978-9C18-403C-94B3-0E2ED8C3A573}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | "UDP Query User{54CC63C5-41E5-4A4D-BFB4-BF8CAEE87ED6}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{5F4C353D-7115-4007-B246-F1EB04B285DC}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "UDP Query User{77A1EDD2-8F12-4E08-B4F3-FFB5AB9F8E2E}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{8C541F62-295D-499B-9A0E-E7A9B96310AB}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{C7FB8A7F-7010-4276-A7F9-2999F7D84D67}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{CF5E2D36-D5C7-4A24-A723-EA766911A572}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{D2F8BDEB-9FFB-4C17-B227-49E2F9131CCC}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "UDP Query User{F7DB1FB6-1EF4-4247-B082-099B5F25C777}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{FB399FF7-2AA1-4053-9427-D3EB77E87E0A}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | 
app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{FEFC9D8F-EC21-4E7F-A4D4-1CDFC90D481D}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.29 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.29 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones 
remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard "{12e3104b-7dc7-4ad5-9ea7-411d2955904b}" = Nero 9 Essentials "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM 
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor 
externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft 
Office Live Add-in 1.5 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "Audacity_is1" = Audacity 2.0.2 "AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0 "Diablo III" = Diablo III "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube Download_is1" = Free YouTube Download version 3.2.2.426 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.426 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4 "StarCraft II" = StarCraft II "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/28/2013 8:33:43 PM | Computer Name = Kecky-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.3.0, Zeitstempel: 0x4c6c2da5 Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.3.0, Zeitstempel: 0x4c6c2da5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001749 ID des fehlerhaften Prozesses: 0x10d8 Startzeit der fehlerhaften Anwendung: 0x01ce44712cf72ede Pfad der fehlerhaften Anwendung: D:\VLC media Player\VLC\vlc.exe Pfad des fehlerhaften Moduls: D:\VLC media Player\VLC\vlc.exe 
Berichtskennung: 7181da35-b064-11e2-93ae-14dae9581f0a Error - 4/28/2013 8:54:37 PM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Programm_Programm_Programm\SoftonicDownloader(MP3DirectCut).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 4/28/2013 8:54:37 PM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Programm_Programm_Programm\SoftonicDownloader(irvanView).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 4/28/2013 8:54:37 PM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Programm_Programm_Programm\SoftonicDownloader(Gimp).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 4/28/2013 9:26:13 PM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10 Description = Error - 4/29/2013 8:45:36 AM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10 Description = Error - 4/29/2013 8:54:13 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kecky\Downloads\SoftonicDownloader_fuer_morphvox.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 4/29/2013 8:54:14 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kecky\Downloads\SoftonicDownloader_fuer_av-voice-changer-software.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 4/29/2013 8:56:36 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-2213953162-339333542-4111985408-1000\$RT87K34.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 4/29/2013 8:56:36 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-2213953162-339333542-4111985408-1000\$RGPG5ZS.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ Media Center Events ] Error - 10/23/2011 7:25:04 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 13:25:04 - Fehler beim Herstellen der Internetverbindung. 13:25:04 - Serververbindung konnte nicht hergestellt werden.. Error - 10/23/2011 8:55:57 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 14:55:57 - Fehler beim Herstellen der Internetverbindung. 14:55:57 - Serververbindung konnte nicht hergestellt werden.. 
Error - 10/23/2011 10:19:25 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 16:19:25 - Fehler beim Herstellen der Internetverbindung. 16:19:25 - Serververbindung konnte nicht hergestellt werden.. Error - 10/23/2011 1:01:36 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 19:01:36 - Fehler beim Herstellen der Internetverbindung. 19:01:36 - Serververbindung konnte nicht hergestellt werden.. Error - 10/24/2011 9:40:14 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 15:40:14 - Fehler beim Herstellen der Internetverbindung. 15:40:14 - Serververbindung konnte nicht hergestellt werden.. Error - 10/25/2011 1:19:10 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 19:19:10 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) Error - 10/26/2011 1:06:33 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 19:06:33 - Directory konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 10/26/2011 2:12:10 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 20:12:10 - Fehler beim Herstellen der Internetverbindung. 20:12:10 - Serververbindung konnte nicht hergestellt werden.. Error - 2/27/2013 11:53:29 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 04:53:28 - Fehler beim Herstellen der Internetverbindung. 04:53:28 - Serververbindung konnte nicht hergestellt werden.. Error - 3/3/2013 1:52:19 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0 Description = 18:52:19 - Directory konnte nicht abgerufen werden (Fehler: Invalid security token.) 
[ System Events ] Error - 4/14/2013 4:49:36 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 4/15/2013 1:18:19 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 4/17/2013 12:17:19 PM | Computer Name = Kecky-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?04.?2013 um 18:16:42 unerwartet heruntergefahren. Error - 4/19/2013 7:51:09 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 4/22/2013 8:07:19 AM | Computer Name = Kecky-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?22.?04.?2013 um 14:05:44 unerwartet heruntergefahren. Error - 4/25/2013 11:19:41 AM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 4/25/2013 11:19:41 AM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 4/27/2013 4:49:49 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 4/28/2013 10:11:48 AM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 4/28/2013 8:13:46 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report >

And yes, I know my hard drive is 95% full, but I don't know, I need all of it, and I do have another drive that can still take a lot. I have several games that turn out a bit "bigger", among them Skyrim, StarCraft, Diablo3, WoW, etc.

Defogger_disable.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:19 on 29/04/2013 (Kecky) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-

Sorry that I have to split the post now; it had 130000 characters and only 120000 characters are allowed.

What I've wanted to know the whole time: WHAT exactly does Delta-Search actually do? Does it spy on my passwords for Facebook or something? Can I log in there now without worry? Google only turns up nonsense, and in a dialect I don't understand. Please explain; I don't want the blah-blah square-root stuff right now, just something like, for example > "It only redirects you so that you pick up other viruses", or something like that.

Regards, eastpak24 |
29.04.2013, 17:07 | #4 |
| Delta-Search: am I "clean" now? And here is the GMER log as well, since I was forced to split the post. Gmer.txt Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-29 15:46:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ADATA_S596_Turbo rev.100730 59,63GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Kecky\AppData\Local\Temp\fgtoqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076fd549c 5 bytes JMP 0000000100080800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000758e1465 2 bytes [8E, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758e14bb 2 bytes [8E, 75] .text ... 
* 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??2@YAPEAX_K@Z] [a] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscpy_s] [80020004] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscat_s] [0] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!malloc] [6563786556413f2e] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!free] [40406e6f697470] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcsncpy_s] [0] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__CxxFrameHandler3] [69676f6c56413f2e] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_XcptFilter] [40726f7272655f63] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_initterm] [4040647473] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_unlock] [0] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__dllonexit] [676e656c56413f2e] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_lock] [726f7272655f6874] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_onexit] [404064747340] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_errno] [0] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [5f74756f56413f2e] IAT C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!memcpy_s] [65676e61725f666f] IAT 
C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??3@YAXPEAX@Z] [404064747340] ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
29.04.2013, 18:56 | #5 |
/// TB-Ausbilder | Delta-Search: am I "clean" now? Hi, you should urgently do something about your full hard drive... otherwise soon nothing will work at all. Step 1 Please close your security software to avoid possible conflicts.
Step 2 Scan with Combofix
Please post with your next reply
|
29.04.2013, 20:46 | #6 |
| Delta-Search: am I "clean" now? Hi Matthias, when JRT ran, Firefox was still open; it was then closed again (it hung), then all the desktop icons and the taskbar disappeared again, but my PC recovered and carried on, and did not need a restart like the first time. (It also only took 3-5 sec. until the icons were back, it was like a hiccup.) Then I downloaded ComboFix, it started scanning, and then a window appeared that looked like the one from JRT, so the same style? Does that mean anything? In any case it was only there for 2 sec. and then disappeared again. Everything went pretty quickly, just 5 min for both. Oh, one more thing: after ComboFix was finished, my PC did not ask for a restart!? Should I restart anyway? Anyway, I have turned the antivirus back on and am now posting JRT.txt Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.2 (04.29.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kecky on 29.04.2013 at 21:08:44,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{0B485216-AEBC-4D8E-A651-043E67F5E15B}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{13CC521A-2BAC-4D27-B14D-7CCD041F153B}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{16DCBFB6-A6CA-432A-A8D7-D826C56BFCB9}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{5AC5B471-3FFD-4176-8EC5-464CCEC14A73}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{81BE36F6-E80F-41C2-84A3-119BA6CD7F24}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{85B279DF-A995-4EF7-B239-D660A56B82A4}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{953E18C4-F563-4A6E-9FF4-0E068A424BC1}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{99827D4E-8A79-469B-85A0-AD0F2818ECD3}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{9B2D1F98-C643-4390-BD74-535EB4FE14FC}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{AB88A836-4426-4419-AC04-766A6A86133A}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{ABB8788A-ADF6-44E7-AA2D-670C6D6147AE}
Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{D04C5D92-B59A-4276-A64E-AC666C2758C9}
~~~ FireFox
Successfully deleted: [File] C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\prefs.js
user_pref("extensions.crossrider.bic", "13aad1599874c8c07afd5dbe69dfe2c2");
Emptied folder: C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.04.2013 at 21:11:21,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and the C:\Combofix.txt Code:
ATTFilter
ComboFix 13-04-28.01 - Kecky 29.04.2013 21:16:22.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6326 [GMT 2:00]
ausgeführt von:: c:\users\Kecky\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-28 bis 2013-04-29 ))))))))))))))))))))))))))))))
.
.
2013-04-29 19:21 . 2013-04-29 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-29 19:12 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F1FACE-59FE-4D8B-9648-F125D427A23A}\mpengine.dll
2013-04-29 19:08 . 2013-04-29 19:08 -------- d-----w- c:\windows\ERUNT
2013-04-29 19:08 . 2013-04-29 19:08 -------- d-----w- C:\JRT
2013-04-29 01:22 . 2013-04-29 01:22 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-29 00:19 . 2013-04-29 00:55 -------- d-----w- c:\users\Kecky\AppData\Roaming\DVDVideoSoft
2013-04-28 22:04 . 2013-04-28 22:04 -------- d---a-w- c:\users\Users
2013-04-28 16:37 . 2013-04-28 16:37 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-04-28 16:37 . 2013-04-29 00:55 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-04-28 16:25 . 2013-04-29 18:56 -------- d-----w- c:\users\Kecky\AppData\Roaming\gtk-2.0
2013-04-28 16:24 . 2013-04-28 16:24 -------- d-----w- c:\users\Kecky\.thumbnails
2013-04-28 16:23 . 2013-04-29 19:03 -------- d-----w- c:\users\Kecky\.gimp-2.6
2013-04-28 15:35 . 2013-04-29 00:33 -------- d-----w- c:\users\Kecky\AppData\Roaming\vlc
2013-04-27 21:12 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 12:06 . 2013-04-24 12:06 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70889D1-A75F-4B2A-9CCF-104BF59D36F5}\gapaengine.dll
2013-04-24 12:01 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-18 11:14 . 2013-04-18 11:14 -------- d-----w- C:\Fraps
2013-04-11 00:08 . 2013-02-21 10:30 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-04-11 00:08 . 2013-02-21 10:30 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-11 00:08 . 2013-02-21 10:15 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-04-11 00:08 . 2013-02-21 10:15 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-11 00:08 . 2013-02-21 10:14 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-04-11 00:08 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-11 00:08 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 08:46 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 08:46 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 08:46 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 08:46 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 08:46 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 08:46 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 08:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 08:43 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 08:43 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 08:43 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 08:43 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 08:43 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 08:43 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 08:43 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-03 08:11 . 2013-04-12 13:03 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-01 03:10 . 2013-04-01 03:10 -------- d-----w- c:\users\Kecky\AppData\Local\Macromedia
2013-04-01 03:08 . 2013-04-01 03:08 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 00:09 . 2012-08-31 09:29 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-04-01 03:08 . 2011-11-02 13:48 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 02:01 . 2013-03-22 02:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 02:01 . 2013-03-22 02:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 02:01 . 2013-03-22 02:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 02:01 . 2013-03-22 02:01 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 02:01 . 2013-03-22 02:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 02:01 . 2013-03-22 02:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 02:01 . 2013-03-22 02:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 02:01 . 2013-03-22 02:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 02:01 . 2013-03-22 02:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 02:01 . 2013-03-22 02:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 02:01 . 2013-03-22 02:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 02:01 . 2013-03-22 02:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 02:01 . 2013-03-22 02:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 02:01 . 2013-03-22 02:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 02:01 . 2013-03-22 02:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 02:01 . 2013-03-22 02:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 02:01 . 2013-03-22 02:01 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 02:01 . 2013-03-22 02:01 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 02:01 . 2013-03-22 02:01 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 02:01 . 2013-03-22 02:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 02:01 . 2013-03-22 02:01 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 02:01 . 2013-03-22 02:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 02:01 . 2013-03-22 02:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 02:01 . 2013-03-22 02:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 02:01 . 2013-03-22 02:00 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 02:00 . 2013-03-22 02:00 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 02:00 . 2013-03-22 02:00 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 02:00 . 2013-03-22 02:00 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 02:00 . 2013-03-22 02:00 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 02:00 . 2013-03-22 02:00 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 02:00 . 2013-03-22 02:00 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 02:00 . 2013-03-22 02:00 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 02:00 . 2013-03-22 02:00 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 02:00 . 2013-03-22 02:00 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 02:00 . 2013-03-22 02:00 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 02:00 . 2013-03-22 02:00 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 02:00 . 2013-03-22 02:00 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-22 02:00 . 2013-03-22 02:00 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 02:00 . 2013-03-22 02:00 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 02:00 . 2013-03-22 02:00 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 02:00 . 2013-03-22 02:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 02:00 . 2013-03-22 02:00 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 02:00 . 2013-03-22 02:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 02:00 . 2013-03-22 02:00 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 02:00 . 2013-03-22 02:00 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 02:00 . 2013-03-22 02:00 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 02:00 . 2013-03-22 02:00 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 02:00 . 2013-03-22 02:00 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 02:00 . 2013-03-22 02:00 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-02-12 05:45 . 2013-03-13 23:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 23:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 23:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 23:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 23:06 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 23:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 21:03 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\the elder scrolls v skyrim\steam.exe" [2013-04-19 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
.
c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2YourFace_Updater.lnk - c:\users\Kecky\AppData\Roaming\2YourFace\Updater.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-6 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4C3.tmp [2010-05-26 6144] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-15 29472] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys 
[2010-01-15 32544] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608] S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - fgtoqpoc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 03:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to Mp3 Converter - c:\users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Fraps - c:\fraps\uninstall.exe AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\4C3.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1185823F-F22F-4027-80E5-4F68ACD5DE5E}"=hex:51,66,7a,6c,4c,1d,38,12,51,81,96, 15,1d,bc,49,05,ff,f3,0c,28,a9,8b,9a,4a "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2, 18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf, bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:f4,8c,8b,34,ee,b5,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-29 21:23:02 ComboFix-quarantined-files.txt 2013-04-29 19:23 . Vor Suchlauf: 2.437.259.264 Bytes frei Nach Suchlauf: 3.148.525.568 Bytes frei . - - End Of File - - 84C5095AA87E434E2F250EE5D1386A26
And many thanks again at this point for helping me out. It would be nice if you could also explain what Delta-Search actually does. Or is there already a thread about that? Regards, eastpak24 |
30.04.2013, 09:59 | #7 |
/// TB-Ausbilder | Delta-Search: am I "clean" now? Hi, you did everything right with JRT and ComboFix, don't worry. DeltaSearch is not dangerous in itself, just annoying. It is a browser hijacker that changes start pages. It also often shows up together with other unwanted software or adware. I still see a few remnants of the adware that we need to remove. Step 1 ComboFix script
Step 2 Please start OTL.exe. Under Extra Registry, select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. Are there still problems with Delta-Search? If so, in which browser? Please post with your next reply
|
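Added example, not part of the thread and not ComboFix's own code: a small triage pass over ComboFix-style log lines that flags the kinds of leftovers discussed here (startup shortcuts and services whose target file is missing, and a browser start page outside the expected set). The sample log is constructed from lines in the logs above plus one made-up hijacked homepage; reading `[N/A]` and `[x]` as "file not found" is an assumption, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in a line-per-entry layout. All lines except the last are
# taken from the logs in this thread; the last homepage line is made up.
SAMPLE_LOG = r"""
c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2YourFace_Updater.lnk - c:\users\Kecky\AppData\Roaming\2YourFace\Updater.exe [N/A]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-6 548528]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
uStart Page = hxxp://www.google.com
FF - prefs.js: browser.startup.homepage - hxxp://start.hijack.example/?src=hp
"""

# "<shortcut>.lnk - <target> [<date size> | N/A]"
STARTUP_RE = re.compile(
    r"^(?P<name>.+?\.lnk) - (?P<target>.+?) \[(?P<stamp>[^\]]*)\]$", re.IGNORECASE
)
# "<R|S><0-4> <service>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)
# Internet Explorer and Firefox start page lines
HOMEPAGE_RE = re.compile(
    r"^(?:[um]Start Page = |FF - prefs\.js: browser\.startup\.homepage - )(?P<url>\S+)$"
)

# Assumption: these bracket values mean the tool found no file at the target.
MISSING_MARKERS = {"n/a", "x"}


def homepage_host(url):
    """Return the lower-cased host of a (possibly defanged hxxp://) URL."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return (urlsplit(url).hostname or "").lower()


def triage(log_text, expected_home_hosts):
    """Return (kind, detail) findings in the order they appear in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = STARTUP_RE.match(line)
        if m:
            # Autostart shortcut that still exists although its target is gone
            if m["stamp"].strip().lower() in MISSING_MARKERS:
                findings.append(("orphan_startup", m["name"]))
            continue

        m = SERVICE_RE.match(line)
        if m:
            # Service or driver registration without a file behind it
            if m["stamp"].strip().lower() in MISSING_MARKERS:
                findings.append(("missing_service_file", m["name"]))
            continue

        m = HOMEPAGE_RE.match(line)
        if m:
            # A hijacker typically shows up as a start page the user never set
            host = homepage_host(m["url"])
            if host not in expected_home_hosts:
                findings.append(("unexpected_homepage", host))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, {"www.google.com", "www.google.de"}):
        print(f"{kind}: {detail}")
```

A finding is only a pointer for manual review: a missing file behind a service can be a harmless uninstall leftover.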
02.05.2013, 03:10 | #8 |
| Delta-Search: am I "clean" now? Hi Matthias, it's me again. Sorry, I couldn't manage it the last 2 days, I hope you're not mad at me. I've only been home for 2 hours (night shift). In any case everything worked; the only change is that I saved the Combofix.txt to the desktop instead, because I already had the same file at C:\ComboFix.txt, didn't I? Or does it overwrite that automatically? Here is the Combofix.txt Code:
ATTFilter ComboFix 13-05-01.03 - Kecky 02.05.2013 3:41.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6414 [GMT 2:00] ausgeführt von:: c:\users\Kecky\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Kecky\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\frapsvid.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-02 bis 2013-05-02 )))))))))))))))))))))))))))))) . . 2013-05-02 01:45 . 2013-05-02 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-30 13:31 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{621A9238-1922-434E-A2AD-3450F2FFE2FE}\mpengine.dll 2013-04-29 19:27 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-29 19:08 . 2013-04-29 19:08 -------- d-----w- c:\windows\ERUNT 2013-04-29 19:08 . 2013-04-29 19:08 -------- d-----w- C:\JRT 2013-04-29 01:22 . 2013-04-29 01:22 98 ----a-w- c:\windows\DeleteOnReboot.bat 2013-04-29 00:19 . 2013-04-29 00:55 -------- d-----w- c:\users\Kecky\AppData\Roaming\DVDVideoSoft 2013-04-28 22:04 . 2013-04-29 19:23 -------- d---a-w- c:\users\Users 2013-04-28 16:37 . 
2013-04-28 16:37 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2013-04-28 16:37 . 2013-04-29 00:55 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2013-04-28 16:25 . 2013-04-30 02:36 -------- d-----w- c:\users\Kecky\AppData\Roaming\gtk-2.0 2013-04-28 16:24 . 2013-04-28 16:24 -------- d-----w- c:\users\Kecky\.thumbnails 2013-04-28 16:23 . 2013-04-30 02:36 -------- d-----w- c:\users\Kecky\.gimp-2.6 2013-04-28 15:35 . 2013-04-29 00:33 -------- d-----w- c:\users\Kecky\AppData\Roaming\vlc 2013-04-24 12:06 . 2013-04-24 12:06 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70889D1-A75F-4B2A-9CCF-104BF59D36F5}\gapaengine.dll 2013-04-24 12:01 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-18 11:14 . 2013-04-18 11:14 -------- d-----w- C:\Fraps 2013-04-11 00:08 . 2013-02-21 10:30 1766912 ----a-w- c:\windows\SysWow64\wininet.dll 2013-04-11 00:08 . 2013-02-21 10:30 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-04-11 00:08 . 2013-02-21 10:15 2240512 ----a-w- c:\windows\system32\wininet.dll 2013-04-11 00:08 . 2013-02-21 10:15 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-04-11 00:08 . 2013-02-21 10:14 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-04-11 00:08 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-04-11 00:08 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll 2013-04-10 08:46 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 08:46 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 08:46 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 08:46 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 08:46 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 08:46 . 
2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-10 08:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 08:43 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 08:43 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 08:43 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 08:43 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 08:43 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 08:43 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 08:43 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-03 08:11 . 2013-04-12 13:03 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 00:09 . 2012-08-31 09:29 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-04-01 03:08 . 2013-04-01 03:08 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-01 03:08 . 2011-11-02 13:48 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-22 02:01 . 2013-03-22 02:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-22 02:01 . 2013-03-22 02:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-22 02:01 . 2013-03-22 02:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 02:01 . 2013-03-22 02:01 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-22 02:01 . 2013-03-22 02:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-22 02:01 . 2013-03-22 02:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 02:01 . 2013-03-22 02:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 02:01 . 
2013-03-22 02:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-22 02:01 . 2013-03-22 02:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-22 02:01 . 2013-03-22 02:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-22 02:01 . 2013-03-22 02:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-22 02:01 . 2013-03-22 02:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-22 02:01 . 2013-03-22 02:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 02:01 . 2013-03-22 02:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 02:01 . 2013-03-22 02:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 02:01 . 2013-03-22 02:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 02:01 . 2013-03-22 02:01 441856 ----a-w- c:\windows\system32\html.iec 2013-03-22 02:01 . 2013-03-22 02:01 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 02:01 . 2013-03-22 02:01 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 02:01 . 2013-03-22 02:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 02:01 . 2013-03-22 02:01 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 02:01 . 2013-03-22 02:01 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 02:01 . 2013-03-22 02:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-22 02:01 . 2013-03-22 02:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-22 02:01 . 2013-03-22 02:00 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 02:00 . 2013-03-22 02:00 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-22 02:00 . 2013-03-22 02:00 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 02:00 . 2013-03-22 02:00 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 02:00 . 2013-03-22 02:00 235008 ----a-w- c:\windows\system32\url.dll 2013-03-22 02:00 . 2013-03-22 02:00 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-22 02:00 . 
2013-03-22 02:00 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-22 02:00 . 2013-03-22 02:00 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 02:00 . 2013-03-22 02:00 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 02:00 . 2013-03-22 02:00 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 02:00 . 2013-03-22 02:00 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-22 02:00 . 2013-03-22 02:00 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 02:00 . 2013-03-22 02:00 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-22 02:00 . 2013-03-22 02:00 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 02:00 . 2013-03-22 02:00 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 02:00 . 2013-03-22 02:00 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 02:00 . 2013-03-22 02:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 02:00 . 2013-03-22 02:00 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 02:00 . 2013-03-22 02:00 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-22 02:00 . 2013-03-22 02:00 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-22 02:00 . 2013-03-22 02:00 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 02:00 . 2013-03-22 02:00 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-22 02:00 . 2013-03-22 02:00 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-22 02:00 . 2013-03-22 02:00 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-22 02:00 . 2013-03-22 02:00 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-02-12 05:45 . 2013-03-13 23:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 23:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 23:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 23:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 
2013-03-13 23:06 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 23:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-20 21:03 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\the elder scrolls v skyrim\steam.exe" [2013-04-19 1631144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] . c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 2YourFace_Updater.lnk - c:\users\Kecky\AppData\Roaming\2YourFace\Updater.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-6 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4C3.tmp [2010-05-26 6144] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-15 29472] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys 
[2010-01-15 32544] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608] S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 03:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to Mp3 Converter - c:\users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) AddRemove-Fraps - c:\fraps\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\4C3.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1185823F-F22F-4027-80E5-4F68ACD5DE5E}"=hex:51,66,7a,6c,4c,1d,38,12,51,81,96, 15,1d,bc,49,05,ff,f3,0c,28,a9,8b,9a,4a "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2, 18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf, bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:f4,8c,8b,34,ee,b5,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-02 03:46:35 ComboFix-quarantined-files.txt 2013-05-02 01:46 ComboFix2.txt 2013-04-29 19:23 . 
Vor Suchlauf: 3.297.529.856 Bytes frei Nach Suchlauf: 3.234.299.904 Bytes frei . - - End Of File - - 4BBF109CA078320F9FD66115CA890CFD
and the OTL.txt
Code:
ATTFilter OTL logfile created on: 5/2/2013 3:51:28 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kecky\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.98 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.97% Memory free 15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 45.44 Gb Total Space | 3.10 Gb Free Space | 6.81% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe PRC - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013/04/19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\The Elder Scrolls V Skyrim\Steam.exe PRC - [2013/04/12 15:03:33 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013/04/01 05:08:19 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe PRC - [2010/11/27 07:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010/11/10 21:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2010/11/03 19:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010/10/06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/10/06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe PRC - [2009/07/23 15:16:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2013/04/19 23:10:50 | 001,114,024 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\chromehtml.dll MOD - [2013/04/12 15:03:27 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013/04/01 05:08:19 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013/03/27 02:16:40 | 020,341,672 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\libcef.dll MOD - [2013/03/26 00:23:34 | 000,651,776 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\SDL2.dll MOD - [2012/12/11 19:51:10 | 001,100,800 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avcodec-53.dll MOD - [2012/12/11 19:51:10 | 000,192,000 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avformat-53.dll MOD - [2012/12/11 19:51:10 | 000,124,416 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avutil-51.dll ========== Services (SafeList) ========== SRV:64bit: - File not found 
[On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/09/17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/04/12 15:03:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/01 05:08:20 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/11/28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc) SRV - [2010/11/03 19:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010/10/06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/10/06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service) SRV - [2009/07/23 15:16:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/03 17:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/23 10:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010/09/17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010/09/17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010/09/17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010/09/14 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/07/01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010/05/26 11:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4C3.tmp -- (MEMSWEEP2) DRV:64bit: - [2010/01/15 14:27:46 | 000,032,544 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2010/01/15 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2010/01/15 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2010/01/15 14:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/01/04 23:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp) DRV - [2005/01/03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/05/06 19:17:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 15:03:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 15:03:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 17:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kecky\AppData\Roaming\Mozilla\Extensions [2013/04/29 21:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\extensions [2012/10/27 15:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/04/12 15:03:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/22 19:00:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/30 08:15:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/22 19:00:37 | 000,001,153 | ---- | M] () 
-- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/22 19:00:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/22 19:00:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/22 19:00:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/05/02 03:45:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.) O4 - HKCU..\Run: [Steam] D:\The Elder Scrolls V Skyrim\steam.exe (Valve Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E796B2B2-CDAD-49E1-AA14-79017D1E8F87}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) 
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/02 03:50:27 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\OTL&Registri&Extra [2013/05/02 03:46:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/02 03:35:59 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Kecky\Desktop\ComboFix.exe [2013/04/29 21:15:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/29 21:15:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/04/29 
21:15:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/29 21:15:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/29 21:15:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/04/29 21:08:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/04/29 21:08:21 | 000,000,000 | ---D | C] -- C:\JRT [2013/04/29 21:05:44 | 000,545,302 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Kecky\Desktop\JRT.exe [2013/04/29 14:53:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe [2013/04/29 02:19:03 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\DVDVideoSoft [2013/04/28 20:52:06 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\Bilder [2013/04/28 18:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Plugins [2013/04/28 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\DVDVideoSoft [2013/04/28 18:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013/04/28 18:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013/04/28 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013/04/28 18:25:10 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\gtk-2.0 [2013/04/28 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\Kecky\.thumbnails [2013/04/28 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\gegl-0.0 [2013/04/28 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kecky\.gimp-2.6 [2013/04/28 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\vlc [2013/04/28 17:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/04/18 13:14:33 | 000,000,000 | ---D | C] -- C:\Fraps [2013/04/15 19:29:32 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Movie [2013/04/15 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Ordner 2013 [2013/04/11 02:09:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieui.dll [2013/04/11 02:09:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/11 02:09:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/11 02:09:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/11 02:09:03 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/11 02:09:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/11 02:09:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/11 02:09:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/11 02:09:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/11 02:09:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/11 02:09:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/11 02:09:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/11 02:09:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/11 02:09:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/11 02:09:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 10:46:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/10 10:46:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/10 10:46:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/04/10 10:46:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/04/10 10:46:54 | 
000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/04/10 10:46:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 10:43:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 10:43:30 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 10:43:30 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 10:43:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 10:43:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 10:43:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/02 03:45:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/05/02 03:39:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/02 03:39:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/02 03:37:50 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/02 03:37:50 | 000,665,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/02 03:37:50 | 000,627,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/02 03:37:50 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/02 03:37:50 | 000,110,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/02 03:37:09 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Kecky\Desktop\ComboFix.exe [2013/05/02 03:33:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/02 03:33:04 | 
2132,713,471 | -HS- | M] () -- C:\hiberfil.sys [2013/05/01 04:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/30 04:36:16 | 000,013,497 | ---- | M] () -- C:\Users\Kecky\.recently-used.xbel [2013/04/30 04:36:11 | 000,111,262 | ---- | M] () -- C:\Users\Kecky\Desktop\CazziAmariBearbeitung.xcf [2013/04/30 04:06:50 | 000,032,620 | ---- | M] () -- C:\Users\Kecky\Desktop\CazziAmari.jpg [2013/04/29 21:05:54 | 000,545,302 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kecky\Desktop\JRT.exe [2013/04/29 15:21:29 | 000,377,856 | ---- | M] () -- C:\Users\Kecky\Desktop\gmer_2.1.19163.exe [2013/04/29 15:19:58 | 000,000,000 | ---- | M] () -- C:\Users\Kecky\defogger_reenable [2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe [2013/04/29 04:28:13 | 000,050,477 | ---- | M] () -- C:\Users\Kecky\Desktop\Defogger.exe [2013/04/29 04:02:45 | 000,628,743 | ---- | M] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe [2013/04/29 03:22:59 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/04/29 02:55:11 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013/04/29 02:19:12 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013/04/28 21:00:45 | 000,002,121 | ---- | M] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk [2013/04/28 18:59:09 | 000,001,040 | ---- | M] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk [2013/04/28 18:37:46 | 000,001,243 | ---- | M] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk [2013/04/28 18:23:29 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2013/04/28 17:14:48 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/11 11:38:25 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/07 02:37:45 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif [2 C:\Windows\SysNative\*.tmp files -> 
C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/30 04:36:16 | 000,013,497 | ---- | C] () -- C:\Users\Kecky\.recently-used.xbel [2013/04/30 04:36:11 | 000,111,262 | ---- | C] () -- C:\Users\Kecky\Desktop\CazziAmariBearbeitung.xcf [2013/04/29 22:14:44 | 000,032,620 | ---- | C] () -- C:\Users\Kecky\Desktop\CazziAmari.jpg [2013/04/29 21:15:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/04/29 21:15:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/04/29 21:15:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/04/29 21:15:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/04/29 21:15:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/04/29 15:21:25 | 000,377,856 | ---- | C] () -- C:\Users\Kecky\Desktop\gmer_2.1.19163.exe [2013/04/29 15:19:58 | 000,000,000 | ---- | C] () -- C:\Users\Kecky\defogger_reenable [2013/04/29 04:28:13 | 000,050,477 | ---- | C] () -- C:\Users\Kecky\Desktop\Defogger.exe [2013/04/29 04:02:24 | 000,628,743 | ---- | C] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe [2013/04/29 03:22:54 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/04/29 02:55:11 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk [2013/04/29 02:19:12 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013/04/28 21:00:45 | 000,002,121 | ---- | C] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk [2013/04/28 18:59:09 | 000,001,040 | ---- | C] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk [2013/04/28 18:37:42 | 000,001,243 | ---- | C] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk [2013/04/28 18:23:29 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2013/04/28 17:14:48 | 000,000,655 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/11/22 05:52:27 | 000,004,096 | -H-- | C] () -- C:\Users\Kecky\AppData\Local\keyfile3.drm [2012/01/02 
09:09:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011/10/25 00:22:38 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI [2011/10/23 22:49:33 | 000,000,166 | ---- | C] () -- C:\Windows\WLP.ini [2011/05/06 18:54:22 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2011/05/06 18:53:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/05/06 18:53:34 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll [2011/05/06 18:53:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011/05/06 18:53:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011/05/06 18:52:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/05/06 18:47:11 | 000,008,949 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011/05/06 18:47:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/05/06 18:47:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2011/05/06 18:47:04 | 000,005,557 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
And last but not least, the Extra.txt Code:
ATTFilter OTL Extras logfile created on: 5/2/2013 3:51:28 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kecky\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.98 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.97% Memory free 15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 45.44 Gb Total Space | 3.10 Gb Free Space | 6.81% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* 
exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0386CD1F-D82F-46BB-BF6B-828B157E8B82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C0BCDF3-2229-4A23-93BF-591621AA61FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0FADF6B8-9176-4F25-AF1A-CEEA38E0909D}" = rport=139 | protocol=6 | dir=out | app=system | "{1925B6B6-631F-4BCB-8185-0FC2C47466AD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{338E34AB-16BB-48AF-B22A-6F2B03FDF3BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37B154A3-5250-4AFE-AD9C-40FA5E228714}" = rport=445 | protocol=6 | dir=out | app=system | "{3810DC4D-BAF5-41B4-AFF1-AF4BB2457A8E}" = lport=138 | protocol=17 | dir=in | app=system | "{3B3B386E-4127-4A67-BAB7-54C1B0CACB0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{463F4E2E-2BF7-44FD-9F87-CE3C475A6B72}" = rport=138 | protocol=17 | dir=out | app=system | "{5C330739-25C9-4CAF-BEC7-CE618B6EE12B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{634A59D9-7839-48BC-A52B-B9AB743297A5}" = lport=137 | protocol=17 | 
dir=in | app=system | "{81A39940-A3E9-46BE-8E0F-23FDCADBADE2}" = rport=137 | protocol=17 | dir=out | app=system | "{850A67EA-F4C8-4DDD-8C89-8160A5D509C1}" = rport=10243 | protocol=6 | dir=out | app=system | "{934A89AD-B481-433E-A8FA-C93E27EE6671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{96AABC30-B7BC-47DF-A360-69A5A07F2872}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9BCB96FE-B66F-439E-9491-946D8D5CD0B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9BCCE45E-AB81-4DF8-92BA-9E774AF93090}" = lport=445 | protocol=6 | dir=in | app=system | "{B6059378-474E-44C2-A8EE-6E0EAE3F8A8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B761A781-7CA9-4BA4-B999-D83E004AED5A}" = lport=10243 | protocol=6 | dir=in | app=system | "{C9DD9E78-03DE-4E2F-ADC6-A9640DDD6C8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E33416E2-3B7A-4BD0-9C9C-67D4DEA4F689}" = lport=2869 | protocol=6 | dir=in | app=system | "{F387FDF3-BBDC-43AC-ABA3-E6988F162D40}" = lport=139 | protocol=6 | dir=in | app=system | "{FC98107C-A4A0-4F6D-9B57-6FA1A69E56AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{088B353E-A8EF-4F37-8D30-8243A17B012D}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{0E835E25-94B5-46A9-AAD6-62AEA0FA923A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{0F916AAB-0146-45BB-9F90-E05353C71A4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1043BE92-A1BA-4FFB-A593-EF1EF50A7B56}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{112BFE27-B88A-499F-B96F-C261C8C908AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{134B205E-5619-4736-A33D-72384219ACF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{169FE2E9-A1A9-4695-9B84-242911485369}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{1C4A6667-DAF6-42D0-807F-9F6D25BEC81F}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | "{1D9408B3-F504-43F6-BA55-7AA4403E8F7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1EDC16A7-E855-4751-9808-44DA400AC877}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{29F23642-E484-47CD-8B88-A71FE23BD3F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{31150389-657D-4A3E-BA8F-4C91B277A077}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{3E10EC4D-D219-4989-B18F-472C8DE89024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4124FB86-1452-4D86-8A7B-410F8768E573}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{46E948B5-A4FC-4421-86D9-B1821D98A7DE}" = protocol=6 | dir=out | app=system | "{477E0412-50F9-44FB-900A-46100B5A7004}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{4BFA3BA1-90C0-4B00-B21A-61DEF722BA34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{4C422458-A9BC-45BB-97C5-B1F978186BA0}" = protocol=17 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | "{5302029D-ACED-44F1-B4D7-5CF82856B7BA}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | "{55C1E1C1-9B91-4798-ADF9-07A28D8DCFF6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{62AD5D0D-A9AB-44F5-9DCA-0AA8BE6CEAD0}" = protocol=1 | dir=out | 
name=@firewallapi.dll,-28544 | "{69703DAC-5167-4062-BEC6-F55B4E2C693D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{73E1532B-C011-441E-9E7D-F5F598B08D35}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{7BA77C9F-21E5-4B65-B393-F21B8BAE74E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{854CC4BE-0E33-4606-8171-3E80E9494D0A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{884BA2FE-041B-4728-AAFA-00F3898BC968}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{8962DBE4-9D34-475A-9ACE-FDA8B53121CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9182A833-859F-47FE-BF66-985EC388C578}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{965D2F90-AB8D-46CD-B965-943D2DFF7A1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A5FDC38-07B3-462F-9435-3AAB1FEFE7DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A21C6DEF-C86B-4530-87EC-252334FA3A54}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "{AAD0A0EF-E86A-462D-9695-9939C99F0AD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B030928E-333D-4C03-9E35-E1696C9FBD01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF55F325-3672-4A60-8E3E-A47FD921F9C6}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{C21ADCCF-9F10-42F4-8600-23F8961FC7AD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{C432E615-D21D-46A6-AA45-17EE7A900EE1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{C4BD0487-D506-4866-842F-58D874F66260}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | "{C8B7065B-6312-4E3C-8280-83EC28C3FD0E}" = protocol=17 | dir=in | app=d:\diablooooo\diablo iii\diablo 
iii.exe | "{C9C3F548-36B8-4306-8572-30E725A37314}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CAA92511-9FDB-484B-8079-351879910F1C}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | "{CD5AEEA6-14D9-4725-B27C-D7A1DD905E17}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | "{D47BF837-FBEB-4918-9B01-2789FAA337B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DAE44E19-8FBC-4DA5-8982-01654AC5FDB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | "{E0529AFC-2E7B-4EF3-9BA7-788EEB7D3340}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{E3A3D9D5-7D0D-4753-927C-0E5D2D2818B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EEEF5903-16D5-4110-A306-7CA1E304E88D}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{F3D9C09C-B3D9-484C-BCDF-6B132DAC143B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F9DFFD89-72E5-46F4-B61C-22A4EABFD36F}" = protocol=6 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | "{FAD4F571-059F-48BB-B8DC-1581D24523EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{FB103DA0-F838-46FB-895D-01EB0E10C742}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FB927191-9114-4A02-A186-34F93249F8AB}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{FDF8D6E5-1120-4E83-B983-0CDCB573C8DF}" = protocol=6 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | "TCP Query User{123E810B-EC72-4EFA-9C14-309DB6768D7B}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{2B82CAEB-E199-4DDF-94F4-FDDD4F7E148D}D:\world of warcraft\backgrounddownloader.exe" = 
protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "TCP Query User{6E4229DA-1AD6-4D77-A656-AA5DD4472E6E}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{7A993C27-A8C0-4E55-88C4-1D78DFBB8025}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query User{8E2E4412-E7D1-4BEC-9E77-0884ED187F74}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{9852667B-A9B0-469B-AD39-F5A8011BBD24}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | "TCP Query User{9FA5C62E-CC7B-411D-9544-1F92A1C03EA8}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{AC2431E7-F6B2-4E10-B63E-54E81CB3B143}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "TCP Query User{ACED9FD3-446F-41B6-8A56-FE10C808B886}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{B1927DB4-2CC6-4911-83ED-525550FA9A36}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{B6D1D6CE-1E2E-4746-B78D-1301D068E738}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{BBC66214-8793-4471-988B-65D71328220D}D:\world of 
warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{E23E6333-EDAF-4FFB-A44F-86FA5B3CE827}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{F6032BE0-5F1C-43EB-AFE1-00DC8E34F9AA}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{1E8BF838-1E97-4828-808A-4444DE19FF47}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "UDP Query User{221029D8-5F8D-42E5-8364-0320452D69D3}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{2F07FC19-BAC7-4C91-AB5C-8573B69CE476}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{45EDC978-9C18-403C-94B3-0E2ED8C3A573}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | "UDP Query User{54CC63C5-41E5-4A4D-BFB4-BF8CAEE87ED6}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{5F4C353D-7115-4007-B246-F1EB04B285DC}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "UDP Query User{77A1EDD2-8F12-4E08-B4F3-FFB5AB9F8E2E}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query 
User{8C541F62-295D-499B-9A0E-E7A9B96310AB}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{C7FB8A7F-7010-4276-A7F9-2999F7D84D67}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{CF5E2D36-D5C7-4A24-A723-EA766911A572}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | "UDP Query User{D2F8BDEB-9FFB-4C17-B227-49E2F9131CCC}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "UDP Query User{F7DB1FB6-1EF4-4247-B082-099B5F25C777}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{FB399FF7-2AA1-4053-9427-D3EB77E87E0A}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{FEFC9D8F-EC21-4E7F-A4D4-1CDFC90D481D}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live 
Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.29 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.29 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = 
Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard "{12e3104b-7dc7-4ad5-9ea7-411d2955904b}" = Nero 9 Essentials "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh 
ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh 
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus Vibe2.0" = AsusVibe2.0 "Audacity_is1" = Audacity 2.0.2 "AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0 "Diablo III" = Diablo III "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube Download_is1" = Free YouTube Download version 3.2.2.426 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.426 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) 
"MozillaMaintenanceService" = Mozilla Maintenance Service "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4 "StarCraft II" = StarCraft II "Steam App 72850" = The Elder Scrolls V: Skyrim "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/30/2013 9:21:59 AM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10 Description = Error - 5/1/2013 9:34:58 PM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 4/29/2013 3:18:15 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 4/29/2013 3:20:40 PM | Computer Name = Kecky-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 4/29/2013 3:21:20 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 5/1/2013 9:43:04 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. 
Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 5/1/2013 9:43:35 PM | Computer Name = Kecky-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.149.907.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
Error - 5/1/2013 9:44:59 PM | Computer Name = Kecky-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 5/1/2013 9:44:59 PM | Computer Name = Kecky-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 5/1/2013 9:45:22 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
Everything OK so far? Is my PC clean now? One more thing I wanted to say ... what exactly do you read out of the logs? I can recognise my storage, various folders & timestamps, but that's about it. That's when you notice how clueless you really are, and this feeling comes up in me that annoys me no end; maybe I'll take a course sometime and learn the most important things. 1.) I don't know yet; my browser worked the whole time without lags, and it was only like that at the beginning, when it was still set as (aaasss, had to be done) the start page. I had then uninstalled it via Control Panel > Delta Search, and after that all the complaints were gone, but how does the saying go? Just because the symptoms are gone doesn't mean it's really gone. I only have one problem: submitting posts takes AGES, almost 2 min until the changes are saved; the rest (opening Google, downloading, watching vids) is as fast as usual. 2.) I only use Firefox. Oh yeah, um, I had a look in Microsoft Security Essentials and found something under History, maybe that's relevant? AdwareWin32/OpenCandy - Alert level: Medium. I had totally forgotten about that thing, hope it's nothing harmful? Regards, eastpak24 Last edited by eastpak24 (02.05.2013 at 03:51) |
02.05.2013, 10:19 | #9 | |||||
/// TB trainer | Delta-Search, am I "clean" now? Hi, Quote:
Quote:
Quote:
Quote:
Quote:
Step 1 Fix with OTL
Code:
:OTL
O4 - Startup: C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk = File not found
:files
C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk
:Commands
[emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
02.05.2013, 14:55 | #10 |
| Delta-Search, am I "clean" now? Hi Matthias, delete ESET Online Scanner? QUESTION: why? Don't you trust the thing? I guess the scanner gets detected as a threat by many GameGuards and you get slapped with an account ban? Which of course leads to another question: should I completely delete AdwCleaner, ComboFix, JRT, Defogger, OTL, SecurityCheck & Malwarebytes again? Or are those not detected as a threat, "only" the ESET scanner? (If my theory is right at all.) ESET took almost 2 hrs; that's surely because the storage is too full? Briefly about ESET, because there was something I didn't get:
?? Why open Explorer, I don't get it; I simply skipped both steps. Here is the OTL C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt Code:
All processes killed
========== OTL ==========
C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk moved successfully.
========== FILES ==========
File\Folder C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kecky
->Temp folder emptied: 483134 bytes
->Temporary Internet Files folder emptied: 5983458 bytes
->FireFox cache emptied: 75322252 bytes
->Flash cache emptied: 33973 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Users
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 78.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05022013_131018
Files\Folders moved on Reboot...
C:\Users\Kecky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
So I have 1x txt and 1x folder with the same name in this folder here: C:\_OTL\MovedFiles\ (MovedFiles)
Malewarebyte.txt Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.02.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Kecky :: KECKY-PC [Administrator]
Schutz: Aktiviert
02.05.2013 13:26:01
mbam-log-2013-05-02 (13-26-01).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224905
Laufzeit: 1 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
ESET Online Scanner.txt Code:
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=06fc072cefb7ce42b061b317f239925f
# engine=13739
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-02 01:02:54
# local_time=2013-05-02 03:02:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 15896231 119129624 0 0
# scanned=239245
# found=0
# cleaned=0
# scan_time=4707
Security-checkup.txt Code:
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Sophos Anti-Rootkit 1.5.4
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro Titanium TiMiniService.exe
Trend Micro Titanium TiResumeSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Regards, eastpak24 |
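The ESET Online Scanner log in the post above records which scan options were ticked as well as the result. The following is an added example, not part of the thread, that parses those `# key=value` fields and reports the outcome together with the options that were off; the function names and the meaning given to each `*_checked` key are assumptions made for this example.

```python
import re

# ESET Online Scanner log as posted in the thread (abridged: the EOSSerial and
# compatibility_mode fields are left out). The forum flattened it onto one line.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log: all ok "
    "# version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 "
    "# api_version=3.0.2 # engine=13739 # end=finished # remove_checked=false "
    "# archives_checked=true # unwanted_checked=false # unsafe_checked=false "
    "# antistealth_checked=true # utc_time=2013-05-02 01:02:54 "
    "# local_time=2013-05-02 03:02:54 (+0100, Mitteleuropäische Sommerzeit) "
    '# country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 '
    "# scanned=239245 # found=0 # cleaned=0 # scan_time=4707"
)

# What each *_checked key is taken to mean. Assumption: inferred from the key
# names and the scanner's option checkboxes, not from ESET documentation.
OPTIONS = {
    "remove_checked": "remove found threats",
    "archives_checked": "scan archives",
    "unwanted_checked": "detect potentially unwanted applications",
    "unsafe_checked": "detect potentially unsafe applications",
    "antistealth_checked": "anti-stealth scanning",
}

# A field starts at "# " at the beginning of the text or after whitespace,
# so the same parser handles flattened and one-field-per-line logs.
FIELD_SPLIT = re.compile(r"(?:^|\s)#\s+")


def parse_eset_log(text):
    """Return the '# key=value' fields of the log as a dict of strings."""
    fields = {}
    for chunk in FIELD_SPLIT.split(text):
        key, sep, value = chunk.partition("=")
        key = key.strip()
        if not sep or not key or " " in key:
            continue  # preamble such as "... downloader log: all ok"
        fields[key] = value.strip().strip('"')
    return fields


def _count(fields, key):
    """Integer value of a counter field, or None if missing or malformed."""
    try:
        return int(fields[key])
    except (KeyError, ValueError):
        return None


def assess(fields):
    """Summarise result and coverage: a zero count only covers what was scanned for."""
    found = _count(fields, "found")
    options_off = [k for k in OPTIONS if fields.get(k) != "true"]
    if fields.get("end") != "finished" or found is None:
        verdict = "incomplete"
    elif found > 0:
        verdict = "detections"
    elif "unwanted_checked" in options_off:
        verdict = "clean-without-pua-coverage"
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "found": found,
        "cleaned": _count(fields, "cleaned"),
        "scanned": _count(fields, "scanned"),
        "options_off": options_off,
    }


if __name__ == "__main__":
    report = assess(parse_eset_log(SAMPLE_LOG))
    print(report["verdict"], "- scanned:", report["scanned"])
    for key in report["options_off"]:
        print("option off:", OPTIONS[key])
```

For the posted log the verdict is `clean-without-pua-coverage`: zero detections, from a run in which the potentially-unwanted-applications option was not ticked.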
02.05.2013, 17:20 | #11 | ||||
/// TB trainer | Delta-Search, am I "clean" now? Hi, Quote:
Quote:
Quote:
If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few closing steps to clean up and secure your PC. Step 1 I noticed that you have more than one antivirus program with a background guard running: Code:
Trend Micro Titanium Internet Security
Microsoft Security Essentials
Tell me which antivirus program you have decided on. Quote:
Step 2
Step 3 Your version of Adobe Flash Player is outdated. Please follow these steps to update Adobe Flash:
Step 4 If you used it, start DeFogger and click Re-enable. Your computer may need to be restarted. Step 5 Please download delfix to your desktop.
Step 6 To finish, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
02.05.2013, 21:22 | #12 | |||
| Delta-Search, am I "clean" now? Hi, I decided on Microsoft Security Essentials; Trend Micro Titanium Internet Security was on the PC from the start, but it was only a demo version. Unless you recommend better antivirus programs to me; as I've mentioned several times, I don't know my way around this stuff, so it would be nice if you could recommend something. Quote:
I always thought the more the better. Let's take the goalkeeper example again: imagine 20 goalkeepers standing in one goal, well? How is a ball supposed to get through; it just bounces right off, they don't even have to move/concentrate. Now maybe you also see my problem and why my storage is so full: I just find it hard to part with things. I was also close to freaking out when I had to remove the tools we used over the last 2 pages; I always think, WHOA, awesome program, I definitely have to keep it because it helps me, and it can't do any harm. I found 2 things.
In any case, those 2 things were recommended to me, which is why I downloaded them; maybe you can tell me more about them? I also just downloaded WOT, but not from where I was supposed to; instead from the official Mozilla site, where the other two add-ons were also to be found. The site you recommended seemed.. seemed, how should I put it, a bit odd to me: I pressed download, then at the top in the bar came "Firefox blocked" blah and that I should "Allow" it > my reaction was first this face here and then I immediately pressed X. I was redirected to the site www.mywot.com or whatever it was called. Quote:
I'd like to write more, but these browser add-ons are about to make me explode with rage: I can only use 3 smileys and can't write in bold, everything gets blocked. Before I say goodbye: MANY MANY THANKS for your efforts + patience; I think I'm a good deal smarter now (I assume). *Edit Quote:
I wrote you a PM, hope you got it; no idea, it's bugging out because of the add-ons, pressed send 5x and nothing happened. Regards, eastpak24 Last edited by eastpak24 (02.05.2013 at 22:17) |
03.05.2013, 15:16 | #13 | ||||
/// TB trainer | Delta-Search, am I "clean" now? Hi, Quote:
Just be clear about one thing: no AV tool detects 100% of malware. Quote:
Quote:
Sophos Anti-Rootkit is not bad in itself, but what does it actually get you? Not much. You can remove it. Thanks for the hint. Quote:
"Play" a little with the extensions and you will figure out how they work. Quote (eastpak24): does that only change my own start page, or all start pages that can be found on the web, e.g. facebook? Your own start page is changed. I'm glad we could help. In this forum you can leave brief feedback on the cleanup, if you wish: Praise, criticism and wishes. To do so, click the "NEW THREAD" button and post a short piece of feedback. Thank you! This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |