Log analysis and evaluation: Virus, white screen with payment demand, safe mode shuts down
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.06.2013, 20:42 | #1 |
Virus, white screen with payment demand, safe mode shuts down
Hello everyone, as I said, after booting I get a white screen, and in safe mode the computer shuts down right away. I ran an OTL scan with the following result. I hope you can help me.
OTL logfile:
ATTFilter OTL logfile created on: 03.06.2013 21:11:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = M:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 86,86% Memory free 7,85 Gb Paging File | 7,35 Gb Available in Paging File | 93,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 10,91 Gb Free Space | 9,37% Space Free | Partition Type: NTFS Drive D: | 334,67 Gb Total Space | 30,93 Gb Free Space | 9,24% Space Free | Partition Type: NTFS Drive E: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,73% Space Free | Partition Type: FAT32 Computer Name: ASUS_MALTE | User Name: Malte | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.03 21:03:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- M:\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010.10.09 11:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV:64bit: - [2009.11.18 07:45:39 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.09.29 18:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:64bit: - [2009.09.29 18:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV:64bit: - [2009.09.17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.07 00:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2013.05.26 22:50:12 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.19 13:22:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.05 17:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.16 15:04:30 | 000,201,576 | ---- | M] (Vertro Inc.) [Auto | Stopped] -- C:\Users\Malte\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2011.06.28 21:08:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 17:23:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.12.18 00:29:28 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ 
Service.exe -- (ICQ Service) SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Stopped] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2005.01.26 16:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2005.01.26 16:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2005.01.26 16:20:14 | 000,069,718 | ---- | M] (Sony 
Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2005.01.24 19:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.12 16:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.06.20 22:53:05 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.12 12:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt) DRV:64bit: - [2011.07.12 12:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt) DRV:64bit: - [2011.07.12 12:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint) DRV:64bit: - [2011.06.28 21:08:14 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 21:08:14 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.20 17:15:54 | 000,058,880 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm) DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter) DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum) DRV:64bit: - [2011.05.20 17:15:52 | 000,079,872 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm) DRV:64bit: - [2011.05.20 17:15:52 | 000,014,336 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.22 16:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.09.01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.01.15 23:15:37 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.11.21 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.18 08:21:19 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.29 18:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.08.07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 12:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.05.13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.07.24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009.09.02 02:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/08 21:59:00] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=hp&exp=true IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = 
hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes\{17623F8D-B5F8-4EAA-8F4E-591214C6E5F3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=cf53d0ce-2b1f-43bb-b629-0e84e715cdae&apn_sauid=6FCD0014-5858-4354-A221-420BA1314471 IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: appbar%40alot.com:1.0.17000 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Malte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.02.01 01:29:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 22:50:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 22:50:03 | 000,000,000 | ---D | M] [2010.04.18 13:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Extensions [2012.12.11 13:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions [2012.07.26 21:11:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.06.06 23:44:05 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com [2012.02.01 19:28:22 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions\toolbar@ask.com [2012.04.01 21:22:32 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions\vshare@toolbar [2012.12.11 13:19:29 | 000,036,098 | ---- | M] () (No 
name found) -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.04.01 19:04:23 | 000,002,404 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\askcom.xml [2013.05.26 20:46:54 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-1.xml [2012.02.15 22:24:12 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-10.xml [2011.05.09 21:55:51 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-2.xml [2011.07.16 12:46:04 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-3.xml [2011.08.18 19:16:18 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-4.xml [2011.09.03 10:17:54 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-5.xml [2011.09.10 18:37:36 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-6.xml [2011.10.03 20:21:57 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-7.xml [2011.11.18 00:14:50 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-8.xml [2011.12.23 16:31:54 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-9.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- 
C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin.xml [2013.02.01 17:10:14 | 000,021,643 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\Web Search.xml [2013.05.26 22:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.05.26 22:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.26 22:50:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: CHR - homepage: CHR - Extension: No name found = C:\Users\Malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.2.4.1_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Vertro, Inc) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe () O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D95502-B91E-4DFF-90DA-1BF106E16695}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B52E503-6FE7-45D9-92FE-310FB23D15D1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BAA87F7-63AE-4665-8150-3F1034E11519}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F92485-94A5-433C-871E-9BBB71EF735E}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - 
Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000 Winlogon: Shell - (C:\Users\Malte\AppData\Roaming\skype.dat) - C:\Users\Malte\AppData\Roaming\skype.dat () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.02 16:16:56 | 000,000,000 | ---D | M] - D:\Auto CD -- [ NTFS ] O33 - MountPoints2\{e7f92145-bf1e-11e2-ba32-ef72324b8894}\Shell - "" = AutoRun O33 - MountPoints2\{e7f92145-bf1e-11e2-ba32-ef72324b8894}\Shell\AutoRun\command - "" = J:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{e7f9214e-bf1e-11e2-ba32-ef72324b8894}\Shell - "" = AutoRun O33 - MountPoints2\{e7f9214e-bf1e-11e2-ba32-ef72324b8894}\Shell\AutoRun\command - "" = J:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f3111bbe-bb17-11e1-8c51-96d3314c0a95}\Shell - "" = AutoRun O33 - MountPoints2\{f3111bbe-bb17-11e1-8c51-96d3314c0a95}\Shell\AutoRun\command - "" = J:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.02 01:32:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.05.27 15:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.27 15:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.26 22:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.26 
20:36:37 | 000,000,000 | ---D | C] -- C:\Users\Malte\Desktop\Klarinette [2013.05.20 21:38:11 | 000,000,000 | ---D | C] -- C:\Users\Malte\Desktop\Neuer Ordner (3) [2013.05.17 21:41:02 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\FLEXnet [2013.05.17 21:32:50 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Vodafone [2013.05.17 21:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone [2013.05.17 21:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone [2013.05.17 21:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone [2013.05.17 21:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.05.17 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C} [2013.05.10 23:02:38 | 000,000,000 | ---D | C] -- C:\Users\Malte\Documents\Bachelor-Arbeit [2013.05.05 11:19:20 | 000,733,184 | ---- | C] (www.rene-zeidler.de) -- C:\Users\Malte\Desktop\Snipping Tool Plus.exe [2013.05.05 11:19:02 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\www.rene-zeidler.de [2013.05.05 11:18:52 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\www.rene-zeidler.de [2013.05.05 11:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\www.rene-zeidler.de ========== Files - Modified Within 30 Days ========== [2013.06.03 21:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.03 21:05:58 | 3161,874,432 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 20:53:22 | 000,000,004 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\skype.ini [2013.06.03 20:52:55 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.06.02 20:21:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.02 08:24:04 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.02 08:24:04 | 000,010,240 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 22:42:23 | 000,000,000 | ---- | M] () -- C:\END [2013.06.01 22:42:05 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.05.29 21:01:19 | 000,001,055 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.29 21:01:00 | 000,001,023 | ---- | M] () -- C:\Users\Malte\Desktop\Dropbox.lnk [2013.05.28 22:00:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.28 22:00:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.28 22:00:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.28 22:00:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.28 22:00:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.19 23:09:55 | 000,000,145 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\default.rss [2013.05.19 13:22:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.19 13:22:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.18 17:56:21 | 000,002,189 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.05.18 17:56:20 | 000,482,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 17:56:20 | 000,001,779 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.05.17 21:32:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf [2013.05.17 21:32:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf [2013.05.17 21:32:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf [2013.05.17 21:31:08 | 000,000,000 | -H-- | M] () -- 
C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf [2013.05.17 21:30:46 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk [2013.05.05 11:18:22 | 000,437,645 | ---- | M] () -- C:\Users\Malte\Desktop\SnippingToolPlusv3-4-1-0.zip ========== Files Created - No Company Name ========== [2013.06.02 08:52:30 | 000,000,004 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\skype.ini [2013.05.20 21:36:12 | 000,001,055 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.17 21:32:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf [2013.05.17 21:32:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf [2013.05.17 21:32:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf [2013.05.17 21:31:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf [2013.05.17 21:30:46 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk [2013.05.11 12:03:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe [2013.05.05 11:18:21 | 000,437,645 | ---- | C] () -- C:\Users\Malte\Desktop\SnippingToolPlusv3-4-1-0.zip [2012.12.17 09:13:23 | 000,006,656 | ---- | C] () -- C:\Users\Malte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.27 22:41:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.27 18:35:50 | 000,007,597 | ---- | C] () -- C:\Users\Malte\AppData\Local\Resmon.ResmonCfg [2012.01.11 18:03:27 | 000,151,552 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\skype.dat [2012.01.10 10:37:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.07.12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010.01.19 17:33:09 | 000,000,145 | ---- | C] () 
-- C:\Users\Malte\AppData\Roaming\default.rss [2010.01.09 08:24:35 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Edited by ms11 (03.06.2013 at 20:57) |
03.06.2013, 20:44 | #2 | |
/// TB Trainer | Virus, white screen with payment demand, safe mode shuts down Hi,
Quote:
(Please do not attach the log files (that makes the analysis massively harder for me); instead, paste their content directly inside code tags: [code]log file content[/code].)
|
03.06.2013, 20:58 | #3 |
| Virus, white screen with payment demand, safe mode shuts down OTL EXTRAS logfile:
Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 21:11:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = M:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 86,86% Memory free 7,85 Gb Paging File | 7,35 Gb Available in Paging File | 93,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 10,91 Gb Free Space | 9,37% Space Free | Partition Type: NTFS Drive D: | 334,67 Gb Total Space | 30,93 Gb Free Space | 9,24% Space Free | Partition Type: NTFS Drive E: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,73% Space Free | Partition Type: FAT32 Computer Name: ASUS_MALTE | User Name: Malte | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B676520-257C-4531-A810-91F9AA557B1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0CE3C6A6-194E-457D-B030-C95097C6A6D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0E05BA9E-7C1E-4BC2-9B8C-F03327A45341}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{10D7A1E3-C153-4F2B-ACCB-BFDA19EDE1B3}" = lport=445 | protocol=6 | dir=in | app=system | "{1C299310-839C-4866-9A84-5E59233B5888}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{21CE9AA2-B84A-411F-AD66-E7B04A0A1EE9}" = lport=138 | protocol=17 | dir=in | app=system | "{2C45A184-EE62-471D-989E-609FAAA591E1}" = lport=10243 | protocol=6 | dir=in | app=system | "{329BB8DA-B7F0-4B10-BD04-57D798102DFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3C24B6C4-6168-4F1A-9178-16992341BEB5}" = rport=10243 | protocol=6 | dir=out | app=system | "{464FB69E-51C5-4114-A6E4-DA9DB1F0E1E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C4C5658-346A-4BDC-BA52-BB9D1DAF7014}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D85DA8D-468F-4097-B410-303978A9696D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5A920BF9-1141-4315-AAAE-8AB3FED7217C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BE160CD-2D8D-4257-8FF2-7AEA2EFAD95E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6D9D2C6D-1F76-40E9-A79F-D091EB60B7C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72B9FDA6-A64E-4E8F-AEC6-CAE08A91A9D4}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{733BC23A-86E3-4460-8236-19ED3FB9EFF2}" = lport=2869 | protocol=6 | dir=in | app=system | "{7391DAE1-10A6-4729-A131-7133DCB2CC7A}" = rport=138 | protocol=17 | dir=out | app=system | "{85AEC240-ECD0-4110-90AD-FD1B99B1943B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8B8A41D6-AE1A-4342-BC27-13C6D43C380E}" = rport=137 | protocol=17 | dir=out | app=system | "{9A64DF20-8A2C-4C5C-BE1B-465FCDA0E2B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{9DFC5EDD-D9CA-45B7-BCB1-E35FA41BD3FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A27C4A17-05CB-4EF2-8ADC-D5E31D18E537}" = lport=139 | protocol=6 | dir=in | app=system | "{AB801825-FA3D-4A7B-87D5-BF85D7E38BEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B677FA17-E7DB-4915-BC6D-C4ED20DBD324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BAFBD5F1-3D75-4D31-8EF6-362DF9D024E9}" = rport=139 | protocol=6 | dir=out | app=system | "{C1CB11DB-9748-4502-8A12-25815BC0177F}" = lport=137 | protocol=17 | dir=in | app=system | "{D2A4C56F-FF59-4A3F-832F-852922B12B29}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D919EA2D-14AA-4E4A-8010-410F7B15C82D}" = lport=445 | protocol=6 | dir=in | app=system | "{D99DA207-6C45-4125-B024-81FDBA930E74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DE2DCFE7-0BA6-4DB7-916D-AC0E1BBB08DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E7F1817E-EAD1-4229-AC72-DDD001FEB55E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F090A3EE-0EB0-4F8F-9BD8-D1077F206921}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01159AB5-811F-4DCD-B900-7255FF75724E}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{1067A79B-0F07-43F3-A43A-704D39F17ED9}" = protocol=6 | dir=in | app=d:\spiele\sicherheitskopie 1.51\coduomp.exe | "{1166CD41-3A33-44B3-9F82-21D6F727D6F3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{153F79DA-7B26-4928-8C10-49823211B9EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{17A91A6B-38F0-4847-A916-92B3DC5C0B01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1971E2EC-4CDF-448F-9D3F-620A55206E3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1FA69F0E-A917-43E0-8AAD-D1F1429D5DBF}" = protocol=6 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\empires2.exe | "{2D712F3F-00B3-497C-A313-304DDC3DF385}" = protocol=17 | dir=in | app=c:\program files (x86)\ccleaner\ccleaner.exe | "{31A539E9-2192-4F1C-B2D9-280E87068280}" = protocol=17 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\empires2.exe | "{31B18BBC-9EDF-428F-856C-FE6C1C2FC35C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{32FDEB33-6830-4AC9-98E5-DE479231E168}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{359CF17F-6981-48A9-ACBB-C20D4E214B11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3668C809-1E99-4DF5-907B-62956EEF8A62}" = protocol=17 | dir=in | app=d:\spiele\sicherheitskopie 1.51\coduomp.exe | "{4254E44B-AA04-4DCF-90FC-6CEF02A2F6EC}" = protocol=6 | dir=in | app=c:\games\call of duty black ops\blackops.exe | "{47D024AE-43DF-42C4-B5E6-69F546E639BC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{4CD60090-2E82-469A-A9B0-8684832C588B}" = protocol=58 | 
dir=in | name=@firewallapi.dll,-28545 | "{4E121060-C89A-4FB6-80DE-279E61630083}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5772A24F-9033-4993-ACDB-825E1C94000F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{68A604CA-226A-4538-AAF3-84E00C29BFB4}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{68C5CE34-90B1-489D-8B33-C32D8B7BA941}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{690B2BA1-D84D-46A7-8B61-5FB0B0001C6B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{69291F3C-76C5-4E47-A2FE-D9419569E0E6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{759CF04E-2FD0-4738-919F-8BB0E6E6DBC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7AB90437-8EF2-4C7B-B807-E421844C55D6}" = protocol=6 | dir=in | app=j:\sicherheitskopie 1.51\coduomp.exe | "{7C36F0A0-7E98-41B7-AA69-0F9E199D072E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{808FE7FE-9FE0-4678-84C2-E8A6615A53DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{80F998AD-1D0D-4A3E-A573-3088987E5FC4}" = protocol=17 | dir=in | app=c:\program files (x86)\ck-skat testversion\ckskat.exe | "{838D92E2-3668-4DDF-80DC-7AEBAD270A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "{83A833CA-29F4-43C0-83A2-F5784388E9C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{83E5B0DB-6A4A-4A9F-AA30-2F8DBB181BAB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "{85BEC7A8-06C6-4227-A5B2-85C5D724C3AC}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{87FA29A2-4295-460E-96F2-BCF3AFC2EE9A}" = protocol=6 | dir=in | 
app=c:\program files (x86)\icq7.5\icq.exe | "{8B0E6912-02F1-4DF2-9851-3641A7AD7405}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{8CF2D777-3282-4908-9965-966E8224C6BF}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{8FDABA91-D614-49F4-A067-491B7F62C387}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "{9BF33720-786C-4301-AFC6-98A85E0CB666}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "{9F05E06E-01F4-4E23-9473-DD64D6971F71}" = protocol=6 | dir=in | app=c:\program files (x86)\ccleaner\ccleaner.exe | "{A14E12B2-C98F-42BA-B9FA-6FF854BF42CD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{A8C15DD1-5AAE-4579-9C2E-767FFBA7B552}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AB2B31DB-F99D-4D29-BB92-D12F53DD6599}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B0B5C796-6F65-464E-A8E5-D5F2963C5009}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{B1B8FA49-4A00-4FCB-B06D-420DD5AE2C81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B1BA7EF0-E90C-40EB-8253-864B6B72952E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{B6F8FD53-174B-4A13-B258-BB3685AD611D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "{B8E9A10B-09A3-4498-BB2A-4F3EDC549DA7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BABE25E2-60D8-47FE-95C5-0C4D3FF8FF97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BDF5BE82-1CEC-4F4D-842D-9C2ADC9B532E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{BF922F79-F277-4E6C-BBB7-4DD20C359476}" = protocol=6 | dir=out | app=system | 
"{C02B6B7D-88A9-4ED5-8290-ED989D1B3EFD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C140CE70-01C1-4DEE-8576-15C5AF569557}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "{C3A8D307-98EF-4294-B67B-152688C8530C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{CDF6E768-B216-452B-B8F1-3CB8626E0563}" = protocol=17 | dir=in | app=d:\spiele\sicherheitskopie 1.51\codmp.exe | "{D1876531-61DE-4DE3-8DA6-4321CBD71E25}" = protocol=17 | dir=in | app=j:\sicherheitskopie 1.51\coduomp.exe | "{DB7A3EC5-3113-4991-8F05-61988F1B4940}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD0E3016-520F-44AC-9E26-FA29EF514013}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E608D0AC-D363-4238-9EF0-8813BB9B5933}" = protocol=6 | dir=in | app=d:\spiele\sicherheitskopie 1.51\codmp.exe | "{EEDAF9E3-36C3-4C46-99D1-5A8DC42C57B2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F3E2428C-D2B8-4D99-8470-BF77A903FB63}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F50FEA9D-DA3D-4F6F-817F-49745C255FE5}" = protocol=6 | dir=in | app=c:\program files (x86)\ck-skat testversion\ckskat.exe | "{F55F2AE5-A28D-4F28-BAA2-8AA5A4068BCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6896D0F-1FA3-4B13-B1F4-BD286894810A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F6D8EB07-4DFA-459A-A503-3E59CDE90471}" = protocol=17 | dir=in | app=c:\games\call of duty black ops\blackops.exe | "{F98271FA-9736-46C1-8F73-E8793936900C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{0B9BB8EE-D641-4A01-82CA-1F5ABFCED5C3}J:\sicherheitskopie 1.51\coduomp.exe" = 
protocol=6 | dir=in | app=j:\sicherheitskopie 1.51\coduomp.exe | "TCP Query User{2CF40B2F-BA97-47CF-8E40-AE59B77E01DA}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{486FAB56-9FDA-4F06-B9C2-DEE1694A785A}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "TCP Query User{5853702D-0F0D-4874-AB5B-9F6308FA713C}C:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\age2_x1\age2_x1.exe | "TCP Query User{6188C9A2-55B0-4F92-A1BC-BF3053614F78}C:\program files (x86)\ck-skat testversion\ckskat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ck-skat testversion\ckskat.exe | "TCP Query User{730286D7-AE05-4A30-B351-A00C2D2ED2C4}D:\spiele\sicherheitskopie 1.51\coduomp.exe" = protocol=6 | dir=in | app=d:\spiele\sicherheitskopie 1.51\coduomp.exe | "TCP Query User{768C3B5A-7669-4507-8092-FD8BDD38B0A6}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "TCP Query User{7FEBAB4E-B561-4D3A-9A74-5FA0F6C3CA3E}C:\games\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\games\call of duty black ops\blackopsmp.exe | "TCP Query User{8696D218-4C8A-4B8F-94D5-2E40BCC5CB9D}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "TCP Query User{8751BDFD-7FF6-4A9B-BDCD-DD0701F541E5}D:\spiele\sicherheitskopie 1.51\codmp.exe" = protocol=6 | dir=in | app=d:\spiele\sicherheitskopie 1.51\codmp.exe | "TCP Query User{92076608-1685-4911-83A2-C65AEB07C3A1}C:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\empires2.exe" = protocol=6 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\empires2.exe | 
"TCP Query User{ADAE2071-1589-4102-B3C8-213A80BF3EC9}C:\games\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\games\call of duty black ops\blackops.exe | "TCP Query User{B0546659-0D90-4C9E-ACD6-CA55AC12EA84}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | "TCP Query User{B521A677-56A8-4CE7-821F-AB9BA139B0A1}C:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\nintendo\snes9xw.exe" = protocol=6 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\nintendo\snes9xw.exe | "TCP Query User{B682361A-DD6D-4431-95BD-87E4FE985F23}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{B6E15019-A3B3-40AF-AD9F-5FAB3CCEE1EF}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | "TCP Query User{BB506271-4095-4CB3-BE9C-B24C93585A74}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{D15950F1-9315-4109-B463-AB8B33C06CFB}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{D23670C1-6266-4C54-BD16-F62D5E5531AA}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "TCP Query User{D2E644BC-2B74-4BAC-8E69-6B95F1E857EA}C:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\age of 
empires 2\age2_x1\age2_x1.exe | "TCP Query User{DEB4AA70-B14B-46F9-AF47-F64579672F38}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{0872C724-18C6-4187-8036-3B16B286E867}D:\spiele\sicherheitskopie 1.51\coduomp.exe" = protocol=17 | dir=in | app=d:\spiele\sicherheitskopie 1.51\coduomp.exe | "UDP Query User{12C426C4-94F1-49DC-B6A3-940766A70927}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{32A9BFB9-DA15-432F-966E-23FC3C20EA25}C:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe | "UDP Query User{3570A276-9E2E-4674-9167-E06EF8130150}J:\sicherheitskopie 1.51\coduomp.exe" = protocol=17 | dir=in | app=j:\sicherheitskopie 1.51\coduomp.exe | "UDP Query User{359ABD88-0F88-48B0-AF85-A62E87D63254}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "UDP Query User{398647FD-23DE-4084-87BC-5E09E85E8138}C:\program files (x86)\ck-skat testversion\ckskat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ck-skat testversion\ckskat.exe | "UDP Query User{3FF86CC4-B22F-4128-A7A8-3DA61A79FF99}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "UDP Query User{416FD058-533C-4C7A-B522-0D4261E8CC9D}C:\games\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\games\call of duty black ops\blackopsmp.exe | "UDP Query User{5B8D01E4-C93C-48D2-A691-90CB197CB45A}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | "UDP Query User{5E8F2939-B290-4426-B455-CB533EB686FA}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query 
User{88E773E3-A9E2-461F-8815-872C506CF7BA}C:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\nintendo\snes9xw.exe" = protocol=17 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\nintendo\snes9xw.exe | "UDP Query User{92651358-BC29-45D1-8F47-AAC232EB1953}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{966B67DF-0F22-40A3-9653-26539BF9B15E}C:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\empires2.exe" = protocol=17 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\empires2.exe | "UDP Query User{A80635A7-C8F2-4D9F-914E-C0FC47C8D683}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{A9855621-7E46-42C0-AD16-A9E7D2B99F73}D:\spiele\sicherheitskopie 1.51\codmp.exe" = protocol=17 | dir=in | app=d:\spiele\sicherheitskopie 1.51\codmp.exe | "UDP Query User{B072063F-E77C-4E53-8A70-DFD55F03EFBB}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{C11DB4CA-27B5-47DC-9900-8ED96491978C}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | "UDP Query User{C1934C16-AB14-43B6-913F-563584DD3A32}C:\games\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\games\call of duty black ops\blackops.exe | "UDP Query User{C980CEB5-3F65-4A13-AAE6-576A933FA3FE}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query 
User{CEA11D1C-DAE7-4AD4-B25B-616B09B39AA0}C:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\malte\documents\icq\317315106\receivedfiles\278372198 __n.o.c.k.e.__\age2\age2_x1\age2_x1.exe | "UDP Query User{EA28D664-B228-49F0-BD4C-DF8DDC27A1CD}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{2F168B0C-7EB1-D63A-18E2-B4BC362F54FD}" = ccc-utility64 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007 "{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007 "{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FEC0590D-D4DE-DB7C-C625-657FC30CF927}" = ATI Catalyst Install Manager "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Recuva" = Recuva "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - 
x86 9.0.30729.4148 "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{03A92733-D26B-CBCD-52A1-56E31E612972}" = Catalyst Control Center Core Implementation "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0AC16091-C09E-462B-9AF7-A8605F4BF7CC}" = Langenscheidt Vokabeltrainer 6.0 Englisch "{0CEC2F82-AEB2-4C4B-B450-62C6CEF159FE}_is1" = Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2 "{106E3037-BFFF-0B66-7BAE-15E16C9DAB7A}" = CCC Help Turkish "{124D0E28-CD55-490E-E551-7474F0965983}" = Catalyst Control Center Graphics Previews Common "{133B19CF-2FDA-492C-07AD-FAE04DB76C99}" = ccc-core-static "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{244F94E8-6801-3AEE-D5F8-8B0F66A323D6}" = CCC Help Chinese Standard "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 39 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A2C6E16-0399-F5AE-B3A8-0990B2464E97}" = Catalyst Control Center Graphics Full New 
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00 "{301A4A22-ACBD-993D-682E-4B35F22467B6}" = Catalyst Control Center Graphics Light "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40A208DE-AE5A-F82C-962C-17050826751F}" = Catalyst Control Center Graphics Full Existing "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41F706DC-FE6D-90AC-6B9A-F175388EBFA6}" = CCC Help Finnish "{43CC74BB-CB4F-9DE7-5B86-0CB4E498DDAE}" = CCC Help Italian "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{49DCA97C-4D99-659C-AE2B-9CDCC227CEE3}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E12BF0A-9A6B-B806-F589-1456DA35CFAA}" = CCC Help Spanish "{518F8DB2-65BA-40F7-B843-1F11F8F1B124}" = Vokabeltrainer-Update 6.0.16 "{5419A3D5-07EC-9C03-483F-41945F9F173C}" = CCC Help Swedish "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1" = Vokabel Trainer 5 "{5E5FF37B-81F4-FAE1-1BEB-2DCCB7D8AC21}" = CCC Help Chinese Traditional "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner 
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6717A421-DA2D-BC53-3C94-95235480B989}" = CCC Help Japanese "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6E6FD4E4-A2FB-2404-6E46-7606B0913FF1}" = CCC Help Greek "{6FEBE183-A517-770B-9BEC-E0AF07B2C0ED}" = Catalyst Control Center InstallProxy "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729C7781-11C8-783B-CC05-1AC359088502}" = CCC Help Czech "{7492FE27-81F9-305D-44B8-7696ACBACA2A}" = CCC Help Russian "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{7CA835ED-752D-0AD3-3DD1-DAFCD81E8E6A}" = CCC Help Danish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3 "{81C9B604-B3D0-82FB-E677-2D96CDFECEAB}" = CCC Help Polish "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B1C8588-60C4-3650-D324-9404AEF01044}" = Catalyst Control Center Graphics Previews Vista "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007 "{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007 "{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007 "{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007 "{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007 "{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007 "{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007 "{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 "{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007 "{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007 
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007 "{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 "{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007 "{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007 "{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007 "{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 "{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft 
Office Publisher MUI (Spanish) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007 "{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007 "{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007 "{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 "{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007 "{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007 "{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007 
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007 "{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007 "{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007 "{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007 "{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007 "{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007 "{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007 "{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007 "{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007 "{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007 "{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 "{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 
2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90949E60-1E05-EAD9-A1B8-D0984F18224B}" = CCC Help Portuguese "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9D317B-610F-5B74-E001-FFF98C3393D8}" = CCC Help Dutch "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0 "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger 
"{B15930BE-C329-0B26-CE1E-E1E6D4A3EB20}" = CCC Help German "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C143B1EA-688C-35CE-34BE-88DFDBA4D0E6}" = Catalyst Control Center Localization All "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C6F8AFBD-C7D3-2934-DB48-1E2C92D7455B}" = CCC Help Hungarian "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D1543DF7-EF94-B6E7-643B-3543EA36F630}" = CCC Help French "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D44EFA1A-5F04-DFB4-A3FF-A1A4D64556D0}" = CCC Help Korean "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DE56B690-A4EE-F806-6DEF-942EF3FB2E20}" = CCC Help Thai "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit 
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED27DC1A-550A-5F48-9303-9C0D9C179D42}" = CCC Help Norwegian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FC53C175-63F8-47CE-8337-EF1373D3E6FF}_is1" = CK-Skat Testversion "{fec08491-e5bf-46c0-ba42-40c0571c1bd3}" = Nero 9 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires" = Microsoft Age of Empires "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "alotAppbar" = ALOT Appbar "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FLV Player" = FLV Player 2.0 (build 25) "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.6.715 "Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1 "Frogger" = Frogger v3.0e "ICQToolbar" = ICQ Toolbar "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "LogMeIn Hamachi" = LogMeIn Hamachi "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01 "Pinball" = 3D Pinball from Plus! 
for Windows 95 "PROHYBRIDR" = 2007 Microsoft Office system "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "S2TNG" = Die Siedler II - Die nächste Generation "Theme Park World" = Theme Park World "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "Wajam" = Wajam "WBS" = WBS "WDS-Skat Shareware" = WDS-Skat Shareware "WinLiveSuite_Wave3" = Windows Live Essentials "xampp" = XAMPP 1.7.7 "XSManager" = XSManager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Dropbox" = Dropbox "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.06.2013 02:31:43 | Computer Name = ASUS_Malte | Source = Windows Search Service | ID = 3029 Description = Error - 01.06.2013 02:31:44 | Computer Name = ASUS_Malte | Source = Windows Search Service | ID = 3029 Description = Error - 01.06.2013 02:31:44 | Computer Name = ASUS_Malte | Source = Windows Search Service | ID = 3028 Description = Error - 01.06.2013 02:31:44 | Computer Name = ASUS_Malte | Source = Windows Search Service | ID = 3058 Description = Error - 01.06.2013 02:31:44 | Computer Name = ASUS_Malte | Source = Windows Search Service | ID = 7010 Description = Error - 01.06.2013 16:41:56 | Computer Name = ASUS_Malte | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 01.06.2013 18:36:51 | Computer Name = ASUS_Malte | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.0.22.0, Zeitstempel: 0x515f37bb Name des fehlerhaften Moduls: libcef.dll, Version: 1.1364.1123.0, Zeitstempel: 0x513530d7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005fba7 ID des fehlerhaften Prozesses: 0xe78 Startzeit der fehlerhaften Anwendung: 0x01ce5f0879b2eaa0 Pfad der 
fehlerhaften Anwendung: C:\Users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe Pfad des fehlerhaften Moduls: C:\Users\Malte\AppData\Roaming\Dropbox\bin\libcef.dll Berichtskennung: c030f8a1-cb0b-11e2-bb8e-f8721c13ac96 Error - 02.06.2013 02:16:46 | Computer Name = ASUS_Malte | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 02.06.2013 02:54:11 | Computer Name = ASUS_Malte | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 02.06.2013 14:20:50 | Computer Name = ASUS_Malte | Source = VmbService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 03.06.2013 15:06:11 | Computer Name = ASUS_Malte | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.06.2013 15:06:11 | Computer Name = ASUS_Malte | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.06.2013 15:06:14 | Computer Name = ASUS_Malte | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx tmtdi VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf Error - 03.06.2013 15:07:20 | Computer Name = ASUS_Malte | Source = DCOM | ID = 10005 Description = Error - 03.06.2013 15:07:22 | Computer Name = ASUS_Malte | Source = DCOM | ID = 10005 Description = Error - 03.06.2013 15:07:22 | Computer Name = ASUS_Malte | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.06.2013 15:07:22 
| Computer Name = ASUS_Malte | Source = DCOM | ID = 10005 Description = Error - 03.06.2013 15:07:22 | Computer Name = ASUS_Malte | Source = DCOM | ID = 10005 Description = Error - 03.06.2013 15:08:14 | Computer Name = ASUS_Malte | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.06.2013 15:09:26 | Computer Name = ASUS_Malte | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
03.06.2013, 21:05 | #4 |
/// TB-Ausbilder | Virus, white screen with payment demand, safe mode shuts down Hello ms11, my name is Leo and I will guide you through cleaning up your computer. One thing up front: I cannot give you any guarantee that I will find everything. With severe infections, formatting and reinstalling is usually the faster and always the safer route. If you decide on a cleanup, we should be thorough. So stick with it until I tell you unambiguously that we are done. Even if the noticeable symptoms disappear early on, that does not mean your computer is already clean and safe. Notes on the procedure
Here we go: After the following fix, can you boot normally again without the lock screen? Step 1 First, create the fix script on a second computer:
Please post in your next reply:
__________________ cheers, Leo |
03.06.2013, 21:15 | #5 |
| Virus, white screen with payment demand, safe mode shuts down Here you go: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Malte\AppData\Roaming\skype.dat deleted successfully. C:\Users\Malte\AppData\Roaming\skype.dat moved successfully. C:\Users\Malte\AppData\Roaming\skype.ini moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Malte ->Temp folder emptied: 6280007 bytes ->Temporary Internet Files folder emptied: 1045394 bytes ->Java cache emptied: 5427682 bytes ->FireFox cache emptied: 66452306 bytes ->Flash cache emptied: 57055 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9768 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72003 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 76,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06032013_221240 Sorry, I can't make sense of FIXlog right now. My computer boots normally and antivir is now running a scan. Has the danger been averted? Is there anything else I can do to support your work? I'm really thrilled already that I can boot my computer normally. In any case I want to be sure that the computer can be used again without risk. A big thank you already! |
03.06.2013, 22:26 | #6 |
/// TB-Ausbilder | Virus, white screen with payment demand, safe mode shuts down Hello, the lock screen has been dealt with. Let's continue: Step 1 Please download AdwCleaner to your desktop.
Step 2 Scan with Combofix
Step 3 Please start OTL.exe.
Please post in your next reply:
04.06.2013, 19:55 | #7 |
| Virus, white screen with payment demand, safe mode shuts down Step 1: AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 04/06/2013 um 20:49:12 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : Malte - ASUS_MALTE # Bootmodus : Normal # Ausgeführt unter : M:\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\searchplugins\icqplugin.xml Datei Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\searchplugins\icqplugin-1.xml Datei Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\searchplugins\icqplugin-2.xml Datei Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\searchplugins\icqplugin-3.xml Datei Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\searchplugins\Web Search.xml Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\Program Files (x86)\Wajam Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Ordner Gelöscht : C:\Users\Malte\AppData\Local\Wajam Ordner Gelöscht : C:\Users\Malte\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Malte\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Ordner Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} Ordner Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\toolbar@ask.com Ordner 
Gelöscht : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\vshare@toolbar Ordner Gelöscht : C:\Users\Malte\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Wajam Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\Software\Wajam Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=hp&exp=true --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = 
hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa4a839-2db2-4de6-9661-68ad19aebe35&searchtype=ds&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000"); Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true); Gelöscht : user_pref("extensions.asktb.cbid", "^AAA"); Gelöscht : user_pref("extensions.asktb.config-updated", true); Gelöscht : user_pref("extensions.asktb.crumb", "2011.07.16+02.01.50-toolbar012iad-DE-SGFtYnVyZyxHZXJtYW55"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Gelöscht : user_pref("extensions.asktb.displaybehavior", ""); Gelöscht : user_pref("extensions.asktb.displaytext", ""); Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE"); Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0049"); Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?[...] Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.guid", "cf53d0ce-2b1f-43bb-b629-0e84e715cdae"); Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Gelöscht : user_pref("extensions.asktb.if", "first"); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1333299863525"); Gelöscht : user_pref("extensions.asktb.last-v", "3.14.0.100009"); Gelöscht : user_pref("extensions.asktb.locale", "de_DE"); Gelöscht : user_pref("extensions.asktb.location", "Hamburg,Germany"); Gelöscht : user_pref("extensions.asktb.lstation", ""); Gelöscht : user_pref("extensions.asktb.news-native-on", true); Gelöscht : user_pref("extensions.asktb.o", "1586"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.pstate", ""); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "6"); Gelöscht : user_pref("extensions.asktb.sa", "YES"); Gelöscht : user_pref("extensions.asktb.saguid", "6FCD0014-5858-4354-A221-420BA1314471"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade", true); Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Gelöscht : 
user_pref("extensions.asktb.socialmini-first", true); Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000"); Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30"); Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true); Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000"); Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false); Gelöscht : user_pref("extensions.asktb.themeid", ""); Gelöscht : user_pref("extensions.asktb.to", ""); Gelöscht : user_pref("extensions.asktb.v", "3.14.0.100010"); Gelöscht : user_pref("extensions.asktb.volume", ""); Gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false); Gelöscht : user_pref("icqtoolbar.allowSendURL", false); Gelöscht : user_pref("icqtoolbar.engineVerified", false); Gelöscht : user_pref("icqtoolbar.geolastmodified", 1332705077); Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options"); Gelöscht : user_pref("icqtoolbar.history", "annika%20helm||jessica%20mora%20deutschland||mittelmeer||the%20spec[...] 
Gelöscht : user_pref("icqtoolbar.icqgeo", 49); Gelöscht : user_pref("icqtoolbar.installTime", "1299782644"); Gelöscht : user_pref("icqtoolbar.installsource", "1"); Gelöscht : user_pref("icqtoolbar.newtab_state", "1"); Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0); Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.26"); Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes"); Gelöscht : user_pref("icqtoolbar.suggestions", false); Gelöscht : user_pref("icqtoolbar.uniqueID", "129969479512996945891299782644937"); Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1333299866); Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0); Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0); Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0); Gelöscht : user_pref("icqtoolbar.voucherWasShown", 1); Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false); Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de"); Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=efa[...] Gelöscht : user_pref("vshare.install.date", "1289606400000"); Gelöscht : user_pref("vshare.install.finished", "1.0.0"); Gelöscht : user_pref("vshare.install.guid", "{a366e9c5-e410-43b8-b3b4-f5ac4627e0d7}"); Gelöscht : user_pref("vshare.install.laststatreq", "1333238400000"); Gelöscht : user_pref("vshare.install.newtab", false); Gelöscht : user_pref("vshare.install.overlayVersion", 1); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Malte\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [372 octets] - [04/06/2013 20:48:38] AdwCleaner[S2].txt - [26594 octets] - [04/06/2013 20:49:12] ########## EOF - C:\AdwCleaner[S2].txt - [26655 octets] ##########
Step 2: ComboFix logfile:
Code:
ComboFix 13-06-03.06 - Malte 04.06.2013 21:01:49.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4021.2076 [GMT 2:00] ausgeführt von:: c:\users\Malte\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\alotappbar c:\program files (x86)\alotappbar\alotUninst.exe c:\program files (x86)\alotappbar\bin\alotappbar.dll c:\program files (x86)\alotappbar\bin\alothelper.dll c:\program files (x86)\alotappbar\bin\ALOTSettings.exe c:\program files (x86)\alotappbar\bin\alotwidgets.exe c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll c:\programdata\FullRemove.exe c:\users\Malte\AppData\Roaming\.# c:\windows\IsUn0407.exe c:\windows\msvcr71.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_AlotService . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-04 bis 2013-06-04 )))))))))))))))))))))))))))))) . . 2013-06-03 20:23 . 2013-06-03 20:23 -------- d-----w- c:\windows\system32\SPReview 2013-05-31 18:00 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EE62BA2-427F-43D5-AB63-3A71E2A876AC}\mpengine.dll 2013-05-27 13:49 . 2013-05-27 13:49 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-05-17 19:41 . 2013-05-17 19:41 -------- d-----w- c:\users\Malte\AppData\Roaming\FLEXnet 2013-05-17 19:32 . 
2013-05-17 19:32 -------- d-----w- c:\users\Malte\AppData\Roaming\Vodafone 2013-05-17 19:30 . 2013-05-17 19:31 -------- d-----w- c:\programdata\Vodafone 2013-05-17 19:30 . 2013-05-17 19:30 -------- d-----w- c:\programdata\FLEXnet 2013-05-17 19:30 . 2013-05-17 19:30 -------- d-----w- c:\program files (x86)\Vodafone 2013-05-17 19:28 . 2013-05-17 19:28 -------- d-----w- c:\users\Malte\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C} 2013-05-11 10:03 . 2013-06-01 20:42 45056 ----a-w- c:\windows\system32\acovcnt.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-19 11:22 . 2012-04-30 15:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-19 11:22 . 2011-12-12 15:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2010-01-15 17:33 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-12 14:36 . 2013-04-23 21:16 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-25 21:32 . 2013-03-25 21:32 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-25 21:32 . 2012-11-07 12:51 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-25 21:32 . 2010-06-12 17:35 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-19 06:19 . 2013-04-11 10:29 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:54 . 2013-04-11 10:29 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:06 . 2013-04-11 10:29 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:06 . 2013-04-11 10:29 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:53 . 2013-04-11 10:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:19 . 2013-04-11 10:29 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624] "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-01-15 2429] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SsAAD.exe"="c:\progra~2\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920] "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-07-14 279552] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184] . c:\users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x] R3 cpuz135;cpuz135;c:\users\Malte\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Malte\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x] R3 GPU-Z;GPU-Z;c:\users\Malte\AppData\Local\Temp\GPU-Z.sys;c:\users\Malte\AppData\Local\Temp\GPU-Z.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver 
(ZTE);c:\windows\system32\DRIVERS\vodafone_zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_cdc_acm.sys [x] R3 vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_zte_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_cdc_ecm.sys [x] R3 vodafone_zte_cpo;Vodafone Vodafone ZTE Install;c:\windows\system32\DRIVERS\vodafone_zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_cpo.sys [x] R3 vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_ecm_enum.sys [x] R3 vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter;c:\windows\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_zte_ecm_enum_filter.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/08 21:59];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl;c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 ASMMAP64;ASMMAP64;c:\program 
files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x] S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x] S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x] S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe;c:\windows\service4g.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 
nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 11:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: Interfaces\{C0F92485-94A5-433C-871E-9BBB71EF735E}: NameServer = 139.7.30.125 139.7.30.126 FF - ProfilePath - c:\users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll Toolbar-Locked - (no file) Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr AddRemove-Theme Park World - c:\windows\IsUn0407.exe AddRemove-WBS - c:\windows\ISUN0407.EXE AddRemove-Winamp Detect - c:\program files (x86)\Winamp Detect\UninstWaDetect.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:2c,d3,6a,b8,2d,05,9e,c1,bc,47,d6,45,aa,8d,b1,37,17,c7,a2,23,b6,d2,a4, 46,65,4a,38,c5,0d,1a,13,2a,43,c9,40,f1,2e,11,10,b3,74,88,5c,ce,dd,3c,5f,80,\ "??"=hex:7f,1e,ad,ae,ce,75,1b,49,87,e7,2c,21,2b,c3,84,90 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Sony\SonicStage\SSAAD.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Cyberlink\Shared Files\brs.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-04 21:21:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-04 19:21
.
Vor Suchlauf: 12 Verzeichnis(se), 10.260.307.968 Bytes frei
Nach Suchlauf: 9.785.004.032 Bytes frei
.
- - End Of File - - DCC1CDE6BB5572DED637F36D51D5ED6D

Step 3: OTL logfile: Code:
ATTFilter OTL logfile created on: 04.06.2013 21:25:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = M:\ 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,63% Memory free 7,85 Gb Paging File | 6,15 Gb Available in Paging File | 78,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 9,25 Gb Free Space | 7,94% Space Free | Partition Type: NTFS Drive D: | 334,67 Gb Total Space | 30,93 Gb Free Space | 9,24% Space Free | Partition Type: NTFS Drive M: | 3,73 Gb Total Space | 3,71 Gb Free Space | 99,57% Space Free | Partition Type: FAT32 Computer Name: ASUS_MALTE | User Name: Malte | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.03 21:03:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- M:\OTL.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe PRC - [2011.07.14 15:45:14 | 000,279,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe PRC - [2011.06.28 21:08:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 17:23:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.18 00:29:28 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. 
KG) -- C:\Windows\service4g.exe PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2010.01.09 08:42:53 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009.11.21 05:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.27 06:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009.10.26 20:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009.09.01 11:00:09 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe PRC - [2009.08.20 06:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe PRC - [2009.07.07 00:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009.05.19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2005.01.24 20:58:02 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe PRC - [2005.01.24 19:36:52 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe ========== Modules (No Company Name) ========== MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.14 00:19:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll MOD - [2013.02.14 00:19:02 | 010,578,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\006a1cc96c69dcec01429459532153fb\System.Design.ni.dll MOD - [2013.02.14 00:18:58 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll MOD - [2013.02.14 00:18:45 | 012,433,920 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.01.10 11:36:23 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll MOD - [2013.01.10 11:36:16 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll MOD - [2013.01.10 00:24:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 00:24:20 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll MOD - [2013.01.10 00:24:19 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll MOD - [2013.01.10 00:23:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.10 00:23:44 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll MOD - [2013.01.10 00:23:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\612bad9f3a4f378c9c09cbb7460e3a93\Accessibility.ni.dll MOD - [2013.01.10 00:23:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.10 00:23:30 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\a412f0883db9c3276979d690a071dbfe\System.Security.ni.dll MOD - [2013.01.10 00:23:27 | 005,453,312 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.10 00:23:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.10 00:23:23 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.10 00:23:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.07.14 15:43:08 | 000,381,952 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.09.24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2009.08.04 11:49:50 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2009.08.04 11:49:46 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.08.04 11:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.06.10 23:23:17 | 
002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2005.01.24 20:58:02 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.10.09 11:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV:64bit: - [2009.11.18 07:45:39 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.09.29 18:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV:64bit: - [2009.09.29 18:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy) SRV:64bit: - [2009.09.17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.07 00:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2013.05.26 22:50:12 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.19 13:22:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService) SRV - [2011.06.28 21:08:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 17:23:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.18 00:29:28 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. 
KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2005.01.26 16:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2005.01.26 16:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2005.01.26 16:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2005.01.24 19:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony 
Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.12 16:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.06.20 22:53:05 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.12 12:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt) DRV:64bit: - [2011.07.12 12:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt) DRV:64bit: - [2011.07.12 12:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint) DRV:64bit: - [2011.06.28 21:08:14 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 21:08:14 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.20 17:15:54 | 000,058,880 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm) DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter) DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum) DRV:64bit: - [2011.05.20 17:15:52 | 000,079,872 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm) DRV:64bit: - [2011.05.20 17:15:52 | 000,014,336 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.22 16:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.09.01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.01.15 23:15:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.11.21 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.18 08:21:19 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.29 18:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.08.07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 12:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.05.13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.07.24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009.09.02 02:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/08 21:59:00] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes\{17623F8D-B5F8-4EAA-8F4E-591214C6E5F3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=cf53d0ce-2b1f-43bb-b629-0e84e715cdae&apn_sauid=6FCD0014-5858-4354-A221-420BA1314471 IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: appbar%40alot.com:1.0.17000 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Malte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.02.01 01:29:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 22:50:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 22:50:03 | 000,000,000 | ---D | M] [2010.04.18 13:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Extensions [2013.06.04 20:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions [2012.06.06 23:44:05 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com [2012.12.11 13:19:29 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.02.15 22:24:12 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-10.xml [2011.08.18 19:16:18 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-4.xml [2011.09.03 10:17:54 | 000,000,950 | ---- | M] () -- 
C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-5.xml [2011.09.10 18:37:36 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-6.xml [2011.10.03 20:21:57 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-7.xml [2011.11.18 00:14:50 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-8.xml [2011.12.23 16:31:54 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-9.xml [2013.05.26 22:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.05.26 22:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.26 22:50:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: CHR - homepage: O1 HOSTS File: ([2013.06.04 21:13:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: 
(Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe () O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - Startup: C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D95502-B91E-4DFF-90DA-1BF106E16695}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B52E503-6FE7-45D9-92FE-310FB23D15D1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BAA87F7-63AE-4665-8150-3F1034E11519}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F92485-94A5-433C-871E-9BBB71EF735E}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found 
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.02 16:16:56 | 000,000,000 | ---D | M] - D:\Auto CD -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 21:21:42 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.04 21:13:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.06.04 20:58:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.04 20:58:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.04 20:58:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.04 20:58:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.04 20:57:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.04 20:56:03 | 005,077,441 | R--- | C] (Swearware) -- C:\Users\Malte\Desktop\ComboFix.exe [2013.06.03 22:23:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.05.27 15:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.27 15:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.26 22:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.26 20:36:37 | 000,000,000 | ---D | C] -- C:\Users\Malte\Desktop\Klarinette [2013.05.20 21:38:11 | 000,000,000 | ---D | C] -- C:\Users\Malte\Desktop\Neuer Ordner (3) [2013.05.17 21:41:02 | 000,000,000 | ---D | C] -- 
C:\Users\Malte\AppData\Roaming\FLEXnet [2013.05.17 21:32:50 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Vodafone [2013.05.17 21:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone [2013.05.17 21:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone [2013.05.17 21:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone [2013.05.17 21:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.05.17 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C} [2013.05.10 23:02:38 | 000,000,000 | ---D | C] -- C:\Users\Malte\Documents\Bachelor-Arbeit ========== Files - Modified Within 30 Days ========== [2013.06.04 21:22:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 21:22:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 21:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.04 21:13:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.04 21:12:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.06.04 21:12:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.04 21:12:35 | 3161,874,432 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 20:46:05 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.04 20:46:05 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.04 20:46:05 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.04 20:46:05 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.04 20:46:05 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.04 20:44:44 | 005,077,441 | R--- | M] (Swearware) -- 
C:\Users\Malte\Desktop\ComboFix.exe [2013.06.01 22:42:05 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.05.29 21:01:19 | 000,001,055 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.29 21:01:00 | 000,001,023 | ---- | M] () -- C:\Users\Malte\Desktop\Dropbox.lnk [2013.05.19 23:09:55 | 000,000,145 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\default.rss [2013.05.18 17:56:21 | 000,002,189 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.05.18 17:56:20 | 000,482,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 17:56:20 | 000,001,779 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.05.17 21:32:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf [2013.05.17 21:32:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf [2013.05.17 21:32:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf [2013.05.17 21:31:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf [2013.05.17 21:30:46 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk ========== Files Created - No Company Name ========== [2013.06.04 20:58:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.04 20:58:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.04 20:58:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.04 20:58:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.04 20:58:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.20 21:36:12 | 000,001,055 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.17 21:32:44 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf [2013.05.17 21:32:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf [2013.05.17 21:32:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf [2013.05.17 21:31:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf [2013.05.17 21:30:46 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk [2013.05.11 12:03:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe [2012.12.17 09:13:23 | 000,006,656 | ---- | C] () -- C:\Users\Malte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.27 22:41:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.27 18:35:50 | 000,007,597 | ---- | C] () -- C:\Users\Malte\AppData\Local\Resmon.ResmonCfg [2012.01.10 10:37:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.07.12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010.01.19 17:33:09 | 000,000,145 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\default.rss ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.12.12 19:56:00 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\click [2012.04.18 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\DAEMON Tools Lite [2012.05.14 21:50:42 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\DriverFinder [2013.06.04 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Dropbox [2011.07.16 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\DVDVideoSoft [2012.04.29 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\GetRightToGo [2010.01.15 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\GoBoingo [2011.05.28 13:55:46 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\HTC [2011.05.28 13:54:59 | 000,000,000 | ---D | M] -- 
C:\Users\Malte\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2013.02.08 21:40:05 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\ICQ [2012.03.30 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Langenscheidt [2011.10.04 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Notepad++ [2013.02.21 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\OpenOffice.org [2011.05.28 13:55:46 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Outlook [2010.04.22 14:39:37 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\PlagiarismFinder [2012.04.28 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\ProtectDISC [2013.01.28 13:34:55 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Unity [2013.05.17 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Vodafone [2013.05.05 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\www.rene-zeidler.de [2012.07.20 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\XSManager ========== Purity Check ========== < End of report > |
04.06.2013, 21:30 | #8 |
/// TB-Ausbilder | Virus, white screen with payment demand, safe mode shuts down Hello, components of two different antivirus programs (Trend Micro Internet Security and Avira) are running on your system, and that should not be the case. But Avira is somehow no longer properly installed, is that correct? In that case, run the Avira Registry Cleaner. Step 1 Download SystemLook (by jpshortstuff) and save the tool to the desktop.
Please post in your next reply:
__________________ cheers, Leo |
04.06.2013, 22:03 | #9 |
| Virus, white screen with payment demand, safe mode shuts down I disabled AntiVir as you had described. The other program was preinstalled. I had actually uninstalled it, but apparently it is still running in the background.
SystemLook 30.07.11 by jpshortstuff Log created at 23:07 on 04/06/2013 by Malte Administrator - Elevation successful ========== filefind ========== Searching for "*alot*" C:\Program Files (x86)\Age of Empires 2\AI\Chameleon\strategies\scripts\saracens\rml.fc.saracen-zealotry.per --a---- 230867 bytes [08:48 05/11/2012] [07:01 02/04/2011] 368A5CBEB259CFE002056A062833671E C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar\alotUninst.exe.vir --a---- 215328 bytes [21:42 06/06/2012] [21:42 06/06/2012] 5E5E933F8E50F3EC3C96D7216C395CA4 C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar\bin\alotappbar.dll.vir --a---- 1070952 bytes [13:04 16/04/2012] [13:04 16/04/2012] B0C2201BF2651CA7BBF5AF330E03E51E C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar\bin\alothelper.dll.vir --a---- 62312 bytes [13:04 16/04/2012] [13:04 16/04/2012] FE07E733B538ED4DE8B72460B524D65A C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar\bin\ALOTSettings.exe.vir --a---- 61288 bytes [13:04 16/04/2012] [13:04 16/04/2012] 0BFE0ACA4208E104AB60EA92AF24E62B C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar\bin\alotwidgets.exe.vir --a---- 637288 bytes [13:04 16/04/2012] [13:04 16/04/2012] 43FA2D1A49F72EB3A833175AC81CD504 C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll.vir --a---- 62312 bytes [21:42 06/06/2012] [13:04 16/04/2012] FE07E733B538ED4DE8B72460B524D65A C:\Qoobox\Quarantine\Registry_backups\Service_AlotService.reg.dat --a---- 1452 bytes [19:07 04/06/2013] [19:07 04/06/2013] 172C4865499FF246B889FE98E544E0D3 C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-100x51.png --a---- 9027 bytes [13:04 16/04/2012] [13:04 16/04/2012] 91019B4FB46C99B84589A5AD2F0FB567 
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-13x13.png --a---- 519 bytes [13:04 16/04/2012] [13:04 16/04/2012] 58415AF3DDA1196FDD8F6580E93BDE34 C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-16x16.png --a---- 643 bytes [13:04 16/04/2012] [13:04 16/04/2012] 23BE87901A2B36F105B74EED47CCF557 C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-65x34-hover.png --a---- 3467 bytes [13:04 16/04/2012] [13:04 16/04/2012] 2BBE6424C7AEC5FEA1040DA07537A17D C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-65x34.png --a---- 7523 bytes [13:04 16/04/2012] [13:04 16/04/2012] 759DC510428B0425F8B507AB3FEB70AE C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-95x55.png --a---- 6579 bytes [13:04 16/04/2012] [13:04 16/04/2012] F01731D799D9D0DEF70A47B2A42AB8D6 C:\Users\Malte\AppData\LocalLow\alotservice\alotservice.exe --a---- 201576 bytes [13:04 16/04/2012] [13:04 16/04/2012] 3D90C2C37EAD8F51F7A4ECB5CBB24FCE C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\chrome\alottb.jar --a---- 655863 bytes [21:43 06/06/2012] [21:43 06/06/2012] 267E0013D401BD7CCDC6B526D4615B26 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAboutAlotError.js --a---- 7079 bytes [21:43 06/06/2012] [21:43 06/06/2012] 40DF55D6347CAE5367B35C031E1FD100 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotCustom.js --a---- 886 bytes [21:43 06/06/2012] [21:43 06/06/2012] 9EAD0D7A8DCCA4E341345B5860AEAA5B C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotCustomButton.js --a---- 831 bytes [21:43 06/06/2012] [21:43 06/06/2012] B9F317C0B203922C5B3799F7FEC37281 
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotSitepass.js --a---- 2731 bytes [21:43 06/06/2012] [21:43 06/06/2012] C811689C92FA0B19744AB67EC92CF926 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotToolbar.js --a---- 997 bytes [21:43 06/06/2012] [21:43 06/06/2012] EE9A213EDB324853037A54C8E587908E C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidget.js --a---- 974 bytes [21:43 06/06/2012] [21:43 06/06/2012] FEE839182AE5933C979164F05DC0593D C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetAppBand.js --a---- 905 bytes [21:43 06/06/2012] [21:43 06/06/2012] 5869CAD87F9423C2FDB1DA201EA3E736 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetBrowser.js --a---- 905 bytes [21:43 06/06/2012] [21:43 06/06/2012] 5A001899C89A13122D2F8DC893CE6F5D C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetButton.js --a---- 901 bytes [21:43 06/06/2012] [21:43 06/06/2012] 82FA5FB0B7ABC73997D7F13BEA6F6C8A C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetFileHelper.js --a---- 960 bytes [21:43 06/06/2012] [21:43 06/06/2012] 835D4B50E2DA59F760911F5995A90BE2 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetRegistryHelper.js --a---- 921 bytes [21:43 06/06/2012] [21:43 06/06/2012] 11CCAAB82A53B2AE9E1E73CD4B93A4B3 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetTabHelper.js --a---- 971 bytes [21:43 06/06/2012] [21:43 06/06/2012] E6C6D842D427F409F888E37776BA1C27 
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetWebSnapshots.js --a---- 977 bytes [21:43 06/06/2012] [21:43 06/06/2012] 5F9A1656705B0B3D66F3326D33AD63CB C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aAlotWidgetWindow.js --a---- 832 bytes [21:43 06/06/2012] [21:43 06/06/2012] 24AB4ABDA5F290C7CE816392CF1C101A C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotCustom.xpt --a---- 451 bytes [21:43 06/06/2012] [21:43 06/06/2012] 9858512B3288B08AD2191B081AAE905C C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotCustomButton.xpt --a---- 328 bytes [21:43 06/06/2012] [21:43 06/06/2012] C65AEDB7BEBB0F42F901B73972F322C7 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotSitepass.xpt --a---- 435 bytes [21:43 06/06/2012] [21:43 06/06/2012] 01703A0EA43BA2FDC45C6ECF8AF173E7 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidget.xpt --a---- 1195 bytes [21:43 06/06/2012] [21:43 06/06/2012] E7D67BF95F4B3598C5E1A45FA4BA2B8B C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetAppBand.xpt --a---- 310 bytes [21:43 06/06/2012] [21:43 06/06/2012] 8D4EA6DA2740FF9F2B7069079E6C8D35 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetBrowser.xpt --a---- 428 bytes [21:43 06/06/2012] [21:43 06/06/2012] 32A4BF1A28703882C6EF6E85D5E68763 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetButton.xpt --a---- 537 bytes [21:43 06/06/2012] [21:43 06/06/2012] 947EDD2E27411D84E621822EE978C5A6 
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetFileHelper.xpt --a---- 432 bytes [21:43 06/06/2012] [21:43 06/06/2012] BB74194DE83545ECFAEDE7214499A18A C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetRegistryHelper.xpt --a---- 351 bytes [21:43 06/06/2012] [21:43 06/06/2012] 1E98F66EA660C24073A2537392C78BF9 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetTabHelper.xpt --a---- 595 bytes [21:43 06/06/2012] [21:43 06/06/2012] 3210AF6C4D64751F3F8AA01F6F18E264 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetWebSnapshots.xpt --a---- 235 bytes [21:43 06/06/2012] [21:43 06/06/2012] 11AF508DAE5558727F7CDB4F3E0514F5 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components\aIAlotWidgetWindow.xpt --a---- 452 bytes [21:43 06/06/2012] [21:43 06/06/2012] D6B449D301FB02460733072F5022F1B0 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\defaults\preferences\alottb.js --a---- 1622 bytes [21:43 06/06/2012] [21:43 06/06/2012] D00F5E2917045508D8973EA3E772C563 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\gen\alottb-search-defend-dialog.xul --a---- 1572 bytes [21:44 06/06/2012] [21:41 25/03/2013] BD8F0C618C78FF62D451805D0C0560A6 C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\gen\alottb-widgetWin.xul --a---- 2617 bytes [21:44 06/06/2012] [21:44 06/06/2012] 8A0D759B6BAA4923D8CCB1B854DE1F7D C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\gen\alottb-widgetWinError.html --a---- 1892 bytes [21:44 06/06/2012] [21:44 06/06/2012] 
7932C32D536A5ABD8F2BA1989DC691FB ========== folderfind ========== Searching for "*alot*" C:\Qoobox\Quarantine\C\Program Files (x86)\alotappbar d------ [19:10 04/06/2013] C:\Users\Malte\AppData\LocalLow\alotappbar d------ [21:42 06/06/2012] C:\Users\Malte\AppData\LocalLow\alotservice d------ [21:42 06/06/2012] C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\alot-appbar d------ [21:44 06/06/2012] C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com d------ [21:43 06/06/2012] ========== regfind ========== Searching for "alot" [HKEY_CURRENT_USER\Software\AppDataLow\Software\alotappbar] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] @="ALOT Appbar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\InprocServer32] @="C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}] @="ALOT Appbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\InprocServer32] @="C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}] "DllName"="alotBHO.dll;alotBHO.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] "DllName"="alot.dll;alot.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}] "DllName"="alotBHO.dll;alotBHO.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}] "DllName"="alot.dll;alot.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}] "AppName"="alotwidgets.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}] "AppPath"="C:\Program Files (x86)\alotappbar\bin" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}] "AppName"="alotsettings.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}] "AppPath"="C:\Program Files (x86)\alotappbar\bin" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{A531D99C-5A22-449b-83DA-872725C6D0ED}"="ALOT Appbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alotservice_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alotservice_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] @="ALOT Appbar Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar] "DisplayName"="ALOT Appbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar] "UninstallString"=""C:\Program Files (x86)\alotappbar\alotUninst.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar] "DisplayIcon"="C:\Program Files (x86)\alotappbar\alotUninst.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar] "HelpLink"="hxxp://www.alot.com/faq" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar] "Publisher"="ALOT" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}] @="ALOT Appbar 
Helper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\InprocServer32] @="C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}] @="ALOT Appbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\InprocServer32] @="C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AlotService] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AlotService] "ImagePath"="C:\Users\Malte\AppData\LocalLow\alotservice\alotservice.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AlotService] "DisplayName"="ALOT Update Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AlotService] "Description"="Periodically updates ALOT products" [HKEY_USERS\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\AppDataLow\Software\alotappbar] Searching for " " -= EOF =- |
04.06.2013, 22:15 | #10 |
/// TB-Ausbilder | Ok, we'll continue looking later. Please run SystemLook as described.
__________________ cheers, Leo |
04.06.2013, 22:21 | #11 |
| It is attached in the previous reply. |
04.06.2013, 23:13 | #12 |
/// TB-Ausbilder | Ah sorry, when I wrote that, it wasn't there yet. How is the computer running now?
Step 1 Fix with OTL
Code:
:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100010
FF - prefs.js..extensions.enabledAddons: appbar%40alot.com:1.0.17000
IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes\{17623F8D-B5F8-4EAA-8F4E-591214C6E5F3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=cf53d0ce-2b1f-43bb-b629-0e84e715cdae&apn_sauid=6FCD0014-5858-4354-A221-420BA1314471

:files
C:\Users\Malte\AppData\LocalLow\alotappbar
C:\Users\Malte\AppData\LocalLow\alotservice
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\alot-appbar
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com

:reg
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\alotappbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alotservice_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alotservice_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"=-

:commands
[emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Step 5 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
05.06.2013, 21:48 | #13 |
| 1. OTL fix log:
All processes killed
========== OTL ==========
Prefs.js: toolbar@ask.com:3.14.0.100010 removed from extensions.enabledItems
Prefs.js: appbar%40alot.com:1.0.17000 removed from extensions.enabledAddons
Registry key HKEY_USERS\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\Microsoft\Internet Explorer\SearchScopes\{17623F8D-B5F8-4EAA-8F4E-591214C6E5F3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17623F8D-B5F8-4EAA-8F4E-591214C6E5F3}\ not found.
========== FILES ==========
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\widget folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardWin7\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardWin7\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardWin7\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardWin7 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardClassic\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardClassic\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardClassic\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standardClassic folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standard\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standard\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standard\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\standard folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\pink\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\pink\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\pink\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\pink folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\orange\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\orange\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\orange\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\orange folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\green\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\green\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\green\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\green folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\blue\page\right folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\blue\page\left folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\blue\page folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme\blue folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images\theme folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\shared folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_5809\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_5809 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_4629\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_4629 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_3562\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_3562 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_2254\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_2254 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_1107\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_1107 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_1007\images folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources\App_1007 folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar\resources folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotappbar folder moved successfully.
C:\Users\Malte\AppData\LocalLow\alotservice folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\alot-appbar\cache folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\alot-appbar folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\META-INF folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\gen folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\defaults\preferences folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\defaults folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\components folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com\chrome folder moved successfully.
C:\Users\Malte\AppData\Roaming\Mozilla\Firefox\Profiles\rtjwuswc.default\extensions\appbar@alot.com folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\alotappbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343263AB-D732-4066-A274-4A487A07F108}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C42103E4-7D10-4cc9-B2B4-C546BCCF8706}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alotservice_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\alotservice_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Malte
->Temp folder emptied: 345304 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13651353 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06052013_223146

Files\Folders moved on Reboot...
C:\Users\Malte\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Step 2:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.05.09
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Malte :: ASUS_MALTE [Administrator]
05.06.2013 22:52:00
mbam-log-2013-06-05 (22-52-00).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228949
Laufzeit: 8 Minute(n),
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Step 3: ESET does not get past 17% and stays stuck there even after ages. |
06.06.2013, 11:22 | #14 |
/// TB-Ausbilder | Has ESET finished running in the meantime?
__________________ cheers, Leo |
06.06.2013, 21:25 | #15 |
| ESET has now been running for 2.5 h and is at 30%. |