|
Plagegeister aller Art und deren Bekämpfung: Bundestrojaner Virus :-(Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.05.2013, 16:56 | #1 |
| Bundestrojaner Virus :-( Hallo zusammen, jetzt bin ich auch infiziert^^ beim starten erscheint die Seite vom Bundesinformations Ministerium. Abgesicherter Modus funktioniert, habe dort mal bei c: nach *.exe gesucht um die neuste ausgeführte datei zu finden. es war eine rundll32.exe, hab sie gelöscht aber immer noch erscheint der Bildschirm beim starten :-( hier mal die OTL.txt und extras.txt Code:
ATTFilter OTL logfile created on: 15.05.2013 17:28:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dietrich Maier\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,44 Gb Available Physical Memory | 86,08% Memory free 7,99 Gb Paging File | 7,45 Gb Available in Paging File | 93,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,45 Gb Total Space | 53,38 Gb Free Space | 45,84% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 156,47 Gb Free Space | 47,73% Space Free | Partition Type: NTFS Computer Name: LAPTOP_CHEF | User Name: Dietrich Maier | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.05 22:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dietrich Maier\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010.03.30 16:12:23 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.12.08 02:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.12 16:54:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.30 11:01:58 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 10:59:22 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.15 13:21:12 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.03.13 19:57:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.30 11:03:09 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.30 11:03:09 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.30 11:03:09 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.05 12:38:23 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.04.23 21:30:18 | 000,033,160 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wod0205.sys -- (wod0205) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.21 07:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.04.08 10:11:59 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.30 16:46:01 | 006,657,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.03.30 15:23:33 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.09 12:19:13 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.12.28 08:16:45 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.12.22 12:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.10.07 09:13:33 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 09:13:33 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.05.05 04:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.apeha.ru IE - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] () [2013.03.05 12:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dietrich Maier\AppData\Roaming\mozilla\Extensions [2013.05.02 19:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dietrich Maier\AppData\Roaming\mozilla\Firefox\Profiles\12usuthg.default\extensions [2013.05.02 19:51:21 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Dietrich Maier\AppData\Roaming\mozilla\firefox\profiles\12usuthg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.04.12 16:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 16:54:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.05 12:43:19 | 000,000,976 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001..\Run: [ctfmon.exe] C:\ProgramData\hlqe6z.dat () O4 - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-3137782971-2541216231-2765892238-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16B86149-1BE4-4DEF-9566-390EF5F41EEA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{046f143e-8581-11e2-be87-485b399bb3da}\Shell - "" = AutoRun O33 - MountPoints2\{046f143e-8581-11e2-be87-485b399bb3da}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{1eaed68d-aa8f-11e2-9ecb-485b399bb3da}\Shell - "" = AutoRun O33 - MountPoints2\{1eaed68d-aa8f-11e2-9ecb-485b399bb3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{1eaed6a3-aa8f-11e2-9ecb-485b399bb3da}\Shell - "" = AutoRun O33 - MountPoints2\{1eaed6a3-aa8f-11e2-9ecb-485b399bb3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{1eaed6af-aa8f-11e2-9ecb-485b399bb3da}\Shell - "" = AutoRun O33 - MountPoints2\{1eaed6af-aa8f-11e2-9ecb-485b399bb3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.15 17:26:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dietrich Maier\Desktop\OTL.exe [2013.05.15 17:14:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.05.08 11:34:31 | 000,000,000 | ---D | C] -- C:\Users\Dietrich Maier\Desktop\Vanessas Geschenk [2013.05.06 11:58:24 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.02 03:01:28 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2013.04.30 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Dietrich Maier\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} [2013.04.30 17:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ [2013.04.30 17:47:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2013.04.30 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\Dietrich Maier\AppData\Roaming\Canon [2013.04.29 18:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.04.29 18:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2013.04.29 18:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.04.29 18:47:32 | 000,315,392 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC410L.dll [2013.04.29 18:47:32 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC410U.dll [2013.04.29 18:47:32 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll [2013.04.29 18:47:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX [2013.04.29 18:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.04.29 18:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series Benutzerregistrierung [2013.04.29 18:46:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.04.29 18:45:57 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.04.29 18:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX410 series [2013.04.29 18:45:26 | 000,374,784 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAL.DLL [2013.04.29 18:45:21 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNCALAL.DLL [2013.04.29 18:45:13 | 000,248,320 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUAL.DLL [2013.04.29 18:45:05 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.04.29 18:44:55 | 000,328,192 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL [2013.04.29 18:44:55 | 000,037,376 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL [2013.04.29 18:44:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2013.04.29 18:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.04.21 16:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surf & E-Mail-Stick [2013.04.21 16:31:12 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys [2013.04.21 16:31:12 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.04.21 16:31:12 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys [2013.04.21 16:31:12 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.04.21 16:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Surf & E-Mail-Stick [2013.04.17 15:05:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun ========== Files - Modified Within 30 Days ========== [2013.05.15 17:26:54 | 001,686,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 17:26:54 | 000,724,078 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 17:26:54 | 000,676,610 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 17:26:54 | 000,158,354 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 17:26:54 | 000,130,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 17:18:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.15 17:18:30 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2013.05.15 17:17:23 | 095,023,320 | ---- | M] () -- C:\ProgramData\z6eqlh.pad [2013.05.15 17:16:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.15 17:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.15 17:15:35 | 000,001,031 | ---- | M] () -- C:\Users\Dietrich Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.05.15 17:14:50 | 000,000,152 | ---- | M] () -- C:\ProgramData\z6eqlh.reg [2013.05.15 17:14:50 | 000,000,056 | ---- | M] () -- C:\ProgramData\z6eqlh.bat [2013.05.15 17:14:20 | 000,126,976 | ---- | M] () -- C:\ProgramData\hlqe6z.dat [2013.05.15 17:14:20 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.05.15 17:14:05 | 000,126,976 | ---- | M] () -- C:\Users\Dietrich Maier\8685121.dll [2013.05.15 17:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.15 09:32:29 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 09:32:29 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.15 09:25:04 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.05.15 09:24:49 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2013.05.14 20:15:33 | 000,000,000 | ---- | M] () -- C:\END [2013.05.12 19:37:12 | 000,000,080 | ---- | M] () -- C:\Windows\wiso.ini [2013.05.10 11:33:19 | 000,031,211 | ---- | M] () -- C:\Users\Dietrich Maier\Desktop\Ueberweisung.png [2013.05.07 20:54:51 | 002,300,127 | ---- | M] () -- C:\Users\Dietrich Maier\Desktop\spende.jpg [2013.05.07 20:27:34 | 000,214,193 | ---- | M] () -- C:\Users\Dietrich Maier\Desktop\front.jpg [2013.05.07 20:27:20 | 000,263,252 | ---- | M] () -- C:\Users\Dietrich Maier\Desktop\back.jpg [2013.05.06 11:58:11 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 17:25:53 | 000,002,240 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.04.30 17:25:51 | 000,001,373 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.04.18 20:51:36 | 000,000,132 | ---- | M] () -- C:\Users\Dietrich Maier\AppData\Roaming\Adobe PNG Format CS5 Prefs ========== Files Created - No Company Name ========== [2013.05.15 17:15:35 | 000,001,031 | ---- | C] () -- C:\Users\Dietrich Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013.05.15 17:14:50 | 000,000,152 | ---- | C] () -- C:\ProgramData\z6eqlh.reg [2013.05.15 17:14:50 | 000,000,056 | ---- | C] () -- C:\ProgramData\z6eqlh.bat [2013.05.15 17:14:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\z6eqlh.pad [2013.05.15 17:14:20 | 000,126,976 | ---- | C] () -- C:\ProgramData\hlqe6z.dat [2013.05.15 17:14:05 | 000,126,976 | ---- | C] () -- C:\Users\Dietrich Maier\8685121.dll [2013.05.10 11:33:19 | 000,031,211 | ---- | C] () -- C:\Users\Dietrich Maier\Desktop\Ueberweisung.png [2013.05.07 20:51:37 | 002,300,127 | ---- | C] () -- C:\Users\Dietrich Maier\Desktop\spende.jpg [2013.05.07 20:27:32 | 000,214,193 | ---- | C] () -- C:\Users\Dietrich Maier\Desktop\front.jpg [2013.05.07 20:27:19 | 000,263,252 | ---- | C] () -- C:\Users\Dietrich Maier\Desktop\back.jpg [2013.04.29 18:47:32 | 000,015,104 | ---- | C] () -- C:\Windows\SysWow64\CNC174ED.TBL [2013.04.15 18:36:43 | 000,000,132 | ---- | C] () -- C:\Users\Dietrich Maier\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.03.29 21:49:56 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2013.03.29 21:49:56 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2013.03.29 21:49:56 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\vp6install.exe [2013.03.15 13:21:36 | 000,233,960 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.15 13:21:12 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.03.06 18:08:52 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini [2013.03.05 13:14:15 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat [2013.03.05 13:06:33 | 001,713,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.26 21:14:25 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.05.2013 17:28:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dietrich Maier\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,44 Gb Available Physical Memory | 86,08% Memory free 7,99 Gb Paging File | 7,45 Gb Available in Paging File | 93,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,45 Gb Total Space | 53,38 Gb Free Space | 45,84% Space Free | Partition Type: NTFS Drive D: | 327,83 Gb Total Space | 156,47 Gb Free Space | 47,73% Space Free | Partition Type: NTFS Computer Name: LAPTOP_CHEF | User Name: Dietrich Maier | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3137782971-2541216231-2765892238-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0936C7B2-32E2-4253-B6AD-3020519000DE}" = rport=139 | protocol=6 | dir=out | app=system | "{0DA56ECA-97A5-492F-BAC8-FDB9EA149CFB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{14F439F5-D5B3-4DEE-AF49-23B41F064759}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{151E90A2-EEB3-4851-8836-EF4CDC7E84C5}" = lport=137 | protocol=17 | dir=in | app=system | "{17C75DE2-4B4C-4127-A0F7-4BF41235EA1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{31197B44-E268-4095-B9DB-02811C73351C}" = lport=10243 | protocol=6 | dir=in | app=system | "{381F7A06-A17B-4A50-B73D-83D21E8A4C3E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5B8B6BD1-025D-45B5-936B-8682CFFED84E}" = rport=138 | protocol=17 | dir=out | app=system | "{5C7A23D6-3D4C-4436-B31E-D36BA9795D00}" = lport=2869 | protocol=6 | dir=in | app=system | "{66957098-9EDA-4501-A551-5C52604C60CF}" = rport=10243 | protocol=6 | dir=out | app=system | "{70F58A66-9861-473E-B95E-0082A68B210D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7AC1E5AB-43B3-4D35-8DAC-77406507031E}" = lport=139 | protocol=6 | dir=in | app=system | "{7FC49017-0954-445E-9951-16858BA143A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{844B6A48-944F-40ED-8F50-10FDB68A6CE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{90BF099A-744E-423C-8B61-35008BB753AA}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{9C30D298-E369-4E4D-8CF4-22F83C1F47E7}" = lport=2869 | protocol=6 | dir=in | app=system | "{BEC6593B-EB80-4074-AB03-D2CA7B73B852}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF699A0F-DA1C-4A90-975F-ABFBFEB9A88A}" = rport=445 | protocol=6 | dir=out | app=system | "{D15B7DA5-649F-4004-928C-0B2993289508}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DA84A9CC-1536-4DD5-99EE-09381C7C35EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E6E09B9A-6F7E-4333-8958-0F15F04EA378}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{EA1C063B-54DE-4E7D-ACDF-731B27AE8564}" = lport=445 | protocol=6 | dir=in | app=system | "{EB177380-F342-48BB-97B8-EC8CEF366147}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE530825-48C5-4DF7-982C-AD230974AF92}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F732E46E-5BC9-454D-A787-172BA4ADFB16}" = lport=138 | protocol=17 | dir=in | app=system | "{FE78D8C6-86E3-40A6-9578-9A1AE5F50A66}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024FBB30-DBE1-4CC4-9BF0-CB70B55320C3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{08472460-7475-40D1-A4C6-0D89365BFD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0CF7FEE3-CAC4-4EDB-80A7-351673ACCFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{175B87C4-7FB2-4279-9D69-F315F15D8032}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1867E0C1-4777-470D-B883-6416A0CBB891}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | "{19E16409-8C35-4838-9C75-382BFF7D3141}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{26B0AD89-0665-4C24-91C2-C8DCC38A085A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B8F3CFB-4DA4-42C4-9135-AD50FDE87FCC}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | "{2DCF5CBB-7EDE-4F42-953A-CAFE50AA7C19}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | "{30721A66-F685-4FC7-8B55-17405B13D0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{49A5C878-910C-46A7-9920-CC200CF08A64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{574DA83A-8108-4DAB-A9D3-E57D410D43BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5BD98F47-8B67-4228-9A62-F024E5B96D48}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{60F91258-A504-4128-8C16-4B9EAF795263}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{646D69B4-26DB-4B4C-A84B-EDD383D1F325}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{655C417B-428A-47F8-8D41-65C56C23453F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{72C6E0B2-F2C0-460B-A4BA-92ADBFAF4A7F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{848F395E-73A4-46E4-A15F-91A99DFA6CD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{84BFF60D-F53F-47C7-832F-6A925E5FFC3A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{851CD882-6594-4852-AC2A-B9A465578332}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8A748C5F-EF73-426C-9E30-8E18C394A7DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{95BC4B3E-AE9C-485F-A449-600D1D4AA9C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9772DAE1-E3C5-4D18-BE52-F2503305A4FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{980A57FD-C53B-4F6C-932A-90EAA482ACDB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9CF635BE-4FE0-41EE-890C-86971DE562BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AD22A316-CA70-4C13-A428-E84018DA439D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE5BD370-C1E8-4FD7-9CFC-90D96A3C8A46}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{AF39F535-3A2D-48EF-8B60-6A5E8A34917A}" = protocol=6 | dir=out | app=system | "{B2BFC91B-645C-4C89-AF4A-F66F2335A1A6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{B7FA1FA2-6DFE-44DA-8BD0-5B7334FFB95F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{C1C39C02-CEA0-4310-A242-6C647BA29989}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C4B34397-A212-46B8-888D-AC514B7020D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C57C8CBC-8FA2-499D-A0D8-3CAC3E424CB8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{C8AB3EFB-C3D2-49A3-90B1-185D1D0CAF36}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C8E73557-77C6-497D-9DE9-836F7BAFCEBB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C8F98228-0C59-4A93-A5E3-95B00E56568B}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | "{D92E5F1E-88DD-4DED-86A3-9F4A6466A369}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D9D34B55-B19E-49BD-A120-695E37D4177A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{DA5E6FB5-0375-433D-93A0-8CE714C88620}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E4A7CD36-B448-4C75-8FD9-273204D51843}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{E8B2D46F-02A0-4BE1-9E0E-9467D0F11A6B}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{EDBCFAEC-20A0-478D-9F73-ECC0D58737D1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{EE1E112A-A2A8-4126-A811-949CE2D53FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{EFF4DA88-DF01-473D-A233-F520265E14AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F0A649EF-9156-4D99-8F34-F9148EEC4B9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F867F728-CFDB-4107-907F-B00912B59BA8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{1EDC95E7-D18D-4253-8ABE-6610BE4B121B}C:\games\cs 1.6 navi\cs 1.6\navi cs 1.6\hl.exe" = protocol=6 | dir=in | app=c:\games\cs 1.6 navi\cs 1.6\navi cs 1.6\hl.exe | "TCP Query User{2CA17178-43CD-4AA6-ACDA-B917B99F95FE}D:\cod\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\cod\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{2DD23BF1-6169-42D6-A1F9-1D9C2E9C4A86}C:\games\cs\hltv.exe" = protocol=6 | dir=in | app=c:\games\cs\hltv.exe | "TCP Query User{5E2BB0C1-59EB-4923-B7D4-DE5AB5767617}C:\program files (x86)\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\command and conquer generals\game.dat | "TCP Query User{662CAEDC-D91E-4173-BE46-02E5E25FB4D5}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{7C97014B-E020-47D5-9E08-034B77E6D508}D:\cod\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\cod\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{99AB0D6B-C644-40D4-B30E-2FD329918B3B}C:\program files (x86)\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\command and conquer generals\game.dat | "TCP Query User{BBBC4BFC-658E-412A-9C4C-9BE4838CDE20}C:\games\xtcs counter-strike 1.6 final release\cstrike.exe" = protocol=6 | dir=in | app=c:\games\xtcs counter-strike 1.6 final release\cstrike.exe | "TCP Query User{DA79C732-2D44-4C72-B725-38D19C4E51EB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{F852B024-4C1A-42E0-858F-99F28F6BA65F}C:\games\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\games\counter-strike\hl.exe | "TCP Query User{FC6CFC24-0789-4CD0-939F-BCB1B8B031DD}C:\games\cs\hl.exe" = protocol=6 | dir=in | app=c:\games\cs\hl.exe | "UDP Query User{09139ADB-DD33-4CC0-9CB3-E5786A698DB5}C:\program files (x86)\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\command and conquer generals\game.dat | "UDP Query User{3E0331D6-99BC-409E-B336-67DC9504C91C}C:\games\cs 1.6 navi\cs 1.6\navi cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\games\cs 1.6 navi\cs 1.6\navi cs 1.6\hl.exe | "UDP Query User{551A246F-5B65-4A0C-97E9-BBE322EE5831}D:\cod\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\cod\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{68B83412-8948-4019-BD9A-36045A8F75E9}C:\program files (x86)\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\command and conquer generals\game.dat | "UDP Query User{8231BF3A-2615-4594-9CF8-2E6D2F661A04}C:\games\cs\hltv.exe" = protocol=17 | dir=in | app=c:\games\cs\hltv.exe | "UDP Query User{8BDEF1CB-3747-488E-95DB-4F27D59032CC}C:\games\xtcs counter-strike 1.6 final release\cstrike.exe" = protocol=17 | dir=in | app=c:\games\xtcs counter-strike 1.6 final release\cstrike.exe | "UDP Query User{A7E366CB-D845-4946-89C5-9E81A1CACEEB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{AB07CF6A-377E-4C9F-916A-EFD872D571F7}D:\cod\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\cod\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{B0A566B5-180B-40AF-9390-8402FB85AD04}C:\games\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\games\counter-strike\hl.exe | "UDP Query User{B667EE7F-5732-49C4-A5EB-B0D71F10D23A}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{CD520E8B-E6A3-419F-9230-10D038B28BB2}C:\games\cs\hl.exe" = protocol=17 | dir=in | app=c:\games\cs\hl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{266058E0-8FB1-8487-C833-3697A3484E01}" = ccc-utility64 "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{47E960B1-A285-4D31-87BA-4D2936FC8FF1}" = MAGIX Video deluxe 2013 Premium "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C42CA929-C55C-4435-F6B2-160C10FD301E}" = ATI Catalyst Install Manager "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F30AE017-6791-43F1-8591-D31EDDDDFF1A}" = MAGIX Speed burnR (MSI) "A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1" = Wippien 2.4 "Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BAAF2F6-C688-ACB4-89C3-3D0D074CE59F}" = CCC Help Russian "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2CA575D0-4A39-13B7-C3F6-C12DCECB5BE4}" = CCC Help Finnish "{2D12DFC6-4C5E-2734-5979-2D94798738F1}" = CCC Help Italian "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{33A51566-5216-B590-472F-D626C407E332}" = CCC Help Hungarian "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{38E5F2CE-F3B8-95C8-E2D2-E668ECF12FB3}" = CCC Help Greek "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41B4578A-520D-375F-0702-51608CFDDA0F}" = CCC Help Norwegian "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43233BDA-5837-0AA5-1624-4746516BCB01}" = CCC Help Dutch "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{44FAF589-DA07-039F-A7BF-09A846640A43}" = Catalyst Control Center Graphics Full Existing "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{47CB9C66-D023-34D2-98EB-541D05F89968}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4D409740-7A1C-52B4-D7E6-BB6C4F343140}" = CCC Help Spanish "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5EFDCD2E-1218-5101-747C-C9AA9443CB85}" = CCC Help Japanese "{619D83DC-710E-203E-29EA-8318FB27C5E4}" = CCC Help Thai "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{6703F18D-12B3-7936-2DCA-5D50FD0E3235}" = CCC Help Polish "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E08F573-FCF7-C933-5BC5-7B14FD5564E3}" = CCC Help Korean "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7AC9FA44-609F-8D70-5CC3-9C6A1E59CA4D}" = Catalyst Control Center Graphics Light "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{840E2658-DBA1-9A75-7C36-6C6E3F67FAC0}" = ccc-core-static "{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BDD86A7-B184-BB3F-222C-BD24871C0021}" = CCC Help Turkish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A1ABB2D1-3A6C-8598-CCCC-684625F4D451}" = CCC Help Swedish "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA854C0B-ED3D-40FF-AB4C-816F027AAA9B}_is1" = Company of Heroes "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{B30B1C24-863A-B8D3-DB04-7037EE242486}" = CCC Help French "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B89F53E2-4461-16D4-66B5-285593D1BE07}" = CCC Help Chinese Traditional "{BC3F09E3-E113-1856-855D-E90B073190D1}" = CCC Help Danish "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE79D33C-6C74-2F72-2160-F0DB4C897B3D}" = Catalyst Control Center InstallProxy "{C0A0FA0B-9C4C-1653-0A8D-5F1D92F38D16}" = CCC Help English "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C8D107AB-4AFB-4BA5-8E07-87B3BFF55DB1}" = CS 1.6 NaVi "{C9A00809-0A5A-39DD-C70F-B2CBDD4EA35A}" = Catalyst Control Center Graphics Previews Vista "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D21D5B3B-0BCB-1809-5701-E59EFB4358E8}" = Catalyst Control Center Core Implementation "{D619679A-64A9-4677-F2D9-BF2EB2746D61}" = CCC Help Portuguese "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EEC9A274-AD86-3A16-4F17-22490EF597B4}" = CCC Help German "{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1 "{EF6ADCD6-C463-24C9-EEE0-6E07F5CC5182}" = CCC Help Czech "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F99BB4A4-5C73-0E3B-59E4-41960860A26E}" = Catalyst Control Center Localization All "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF783F26-3A11-FD83-4B2E-7A7C423323C7}" = Catalyst Control Center Graphics Full New "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS AP Bank_is1" = ASUS AP Bank "ASUS WebStorage" = ASUS WebStorage "Avira AntiVir Desktop" = Avira Free Antivirus "Bookworm Deluxe" = Bookworm Deluxe "Canon MX410 series Benutzerregistrierung" = Canon MX410 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cooking Dash" = Cooking Dash "Counter-Strike 1.6 v17 Full " = Counter-Strike 1.6 v17 Full "Google Chrome" = Google Chrome "Governor of Poker" = Governor of Poker "Hotel Dash Suite Success" = Hotel Dash Suite Success "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A7B8A5E9-CA44-44A0-9393-9EA0FFE4C3FB}" = Alcor Micro USB Card Reader "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Jewel Quest 3" = Jewel Quest 3 "K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN "Luxor 3" = Luxor 3 "MAGIX_{47E960B1-A285-4D31-87BA-4D2936FC8FF1}" = MAGIX Video deluxe 2013 Premium "MAGIX_{F30AE017-6791-43F1-8591-D31EDDDDFF1A}" = MAGIX Speed burnR (MSI) "Mahjongg dimensions" = Mahjongg dimensions "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Plants vs Zombies" = Plants vs Zombies "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SWAT 4 - The Stetchkov Syndicate" = SWAT 4 - The Stetchkov Syndicate "TeamViewer 8" = TeamViewer 8 "Wajam" = Wajam "WinLiveSuite_Wave3" = Windows Live Essentials "World of Goo" = World of Goo ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.04.2013 14:35:48 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.04.2013 14:35:48 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 27.04.2013 12:13:51 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 27.04.2013 12:13:51 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.04.2013 04:37:58 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.04.2013 04:37:58 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 06:54:18 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 06:54:18 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 18:31:09 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 18:31:09 | Computer Name = Laptop_Chef | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 11.05.2013 15:16:32 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 11.05.2013 17:07:42 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 02:05:24 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 02:11:25 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 02:41:28 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 08:36:01 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 09:03:04 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 09:45:08 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 12:57:27 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = Error - 12.05.2013 13:33:30 | Computer Name = Laptop_Chef | Source = bowser | ID = 8003 Description = < End of report > Gruß Dietrich |
15.05.2013, 17:08 | #2 | |
/// TB-Ausbilder | Bundestrojaner Virus :-(Zitat:
Supportstopp Lesestoff: Damit ist das Thema beendet. Cracks und Keygens Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert. Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen. Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen und Absichern deines Systems. Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.
__________________ |
Themen zu Bundestrojaner Virus :-( |
adobe reader xi, antivir, avira, bho, bildschirm, bingbar, bonjour, canon, error, fehler, firefox, flash player, helper, home, logfile, mozilla, plug-in, programm, realtek, registry, richtlinie, rundll, scan, security, software, starten, svchost.exe, virus, wajam, windows |