Pests of all kinds and how to fight them: Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
29.06.2013, 18:32 | #1 |
Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4

Hello everyone,

My Norton Antivirus has to block several attacks from Trojan.Zeroaccess.C every 9 minutes; unfortunately it does not remove it. After a full system scan, Trojan.Zeroaccess!inf4 is reported, which requires manual removal. At this point I am hoping for help from you. This is my first post, so I hope everything is correct.

OTL - Log
Code:
OTL logfile created on: 29.06.2013 18:42:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,13% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,59 Gb Total Space | 60,48 Gb Free Space | 25,67% Space Free | Partition Type: NTFS
Drive D: | 3,05 Gb Total Space | 2,96 Gb Free Space | 97,07% Space Free | Partition Type: NTFS
Drive F: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 3,76 Gb Total Space | 1,44 Gb Free Space | 38,38% Space Free | Partition Type: FAT32
Drive P: | 203,76 Gb Total Space | 79,23 Gb Free Space | 38,88% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.29 18:40:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.25 14:24:08 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.12.25 14:23:40 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.19 19:27:22 | 000,017,408 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.25 06:16:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.24 21:17:04 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10) SRV - [2013.03.21 16:04:53 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.25 14:24:08 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.12.25 14:23:40 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.09.15 12:06:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.07.17 16:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV) SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.16 12:38:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.08.05 14:48:58 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - 
[2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys -- (ccSet_NAV) DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.17 16:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1) DRV:64bit: - [2011.08.16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) 
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 00:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV - [2013.06.25 21:52:16 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130628.024\ex64.sys -- (NAVEX15) DRV - [2013.06.25 21:52:16 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20130628.024\eng64.sys -- (NAVENG) DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20130620.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.03.15 21:42:49 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.12.29 17:59:26 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.09.14 20:22:46 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CESG502.SYS -- (PVUSB) DRV - [2012.09.06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20130628.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.07.24 11:39:42 | 000,108,648 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1864.sys -- (SLEE_18_DRIVER) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927 IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366862460354&tguid=43169-3580-1366830858932-487644&st=chrome&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: false FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927" FF - prefs.js..extensions.enabledAddons: escamod%40gmx.net0002:2.0 FF - 
prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=2.9&ts=1368309633604&tguid=43169-3580-1368309633604-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPlgn\ [2012.08.05 14:49:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 18:52:16 | 000,000,000 | ---D | M] [2012.07.24 09:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.06.29 18:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\my4md3vw.default\extensions [2013.03.24 10:26:34 | 000,103,962 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\extensions\escamod@gmx.net0002.xpi [2013.05.24 11:06:43 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.07.26 00:05:18 | 000,002,558 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\aol-search.xml [2013.06.29 00:26:01 | 000,006,545 | ---- | M] () -- 
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\babylon.xml [2013.06.29 00:26:29 | 000,001,294 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\delta.xml [2013.05.12 00:01:13 | 000,003,320 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\my4md3vw.default\searchplugins\Web Search.xml [2013.06.29 00:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions [2013.05.25 06:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.05.25 06:16:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.08.05 14:49:05 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\IPSFFPLGN [2013.05.12 00:01:13 | 000,003,320 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml ========== Chrome ========== CHR - default_search_provider: Babylon (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=FAB406195B747D79&affID=119357&tt=250613_gr5&tsp=4927 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = 
C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Delta Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\crossrider CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\ CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.6_0\crossrider CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.6_0\ CHR - Extension: GoPhoto.it = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\ O1 HOSTS File: ([2012.11.30 11:55:27 | 000,000,937 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com O1 - Hosts: 127.0.0.1 oscount.techsmith.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Plus-HD-2.2) - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [SAFE2012 File Redirection Starter] C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Steganos Software GmbH) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4345968-D09F-4ABA-83DC-AF265F95C9E6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6B6DDD5-D6B1-494B-9CFA-4CDE2DC925C7}: DhcpNameServer = 192.168.1.1 192.168.123.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.28 10:00:55 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{41f615c1-f136-11e1-a701-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{41f615c1-f136-11e1-a701-806e6f6e6963}\Shell\AutoRun\command - "" = N:\setup.exe O33 - MountPoints2\{5732ed07-2b4c-11e2-9968-0019db80cb1b}\Shell - "" = AutoRun O33 - MountPoints2\{5732ed07-2b4c-11e2-9968-0019db80cb1b}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{5732ed14-2b4c-11e2-9968-0019db80cb1b}\Shell - "" = AutoRun O33 - MountPoints2\{5732ed14-2b4c-11e2-9968-0019db80cb1b}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{dbd08d87-d560-11e1-a522-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{dbd08d87-d560-11e1-a522-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2010.08.11 06:51:04 | 000,349,992 | R--- | M] (Valve Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.29 18:40:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.06.29 03:00:12 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2013.06.29 02:09:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\MinMaxGames [2013.06.29 01:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013.06.29 01:49:14 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.06.29 01:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.06.29 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.29 00:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.06.29 00:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.29 00:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.06.29 00:26:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Delta [2013.06.29 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon [2013.06.27 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi [2013.06.27 13:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.06.27 13:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.06.27 13:11:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.technic [2013.06.27 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft [2013.06.23 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DownloadGuide [2013.06.17 20:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.06.17 18:58:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Wondershare [2013.06.09 19:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2 [2013.06.09 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2013.06.09 06:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare [2013.06.09 06:38:32 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys [2013.06.09 06:38:29 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Wondershare [2013.06.09 06:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it [2013.06.07 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.2 [2013.06.03 09:23:10 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\TrackMania [2013.06.03 09:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2013.06.02 21:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0 [2013.06.02 21:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 2.0 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.29 18:40:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.06.29 18:33:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1120000741-3036561441-1105448708-1000UA.job [2013.06.29 18:29:32 | 000,001,828 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job [2013.06.29 18:27:47 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job [2013.06.29 18:27:02 | 000,001,902 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-chromeinstaller.job [2013.06.29 18:27:02 | 000,001,192 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job [2013.06.29 18:27:01 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job [2013.06.29 18:27:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job [2013.06.29 18:06:36 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 18:06:36 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 17:59:42 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.29 17:59:42 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job 
[2013.06.29 17:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.29 17:58:51 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2013.06.29 17:57:00 | 000,000,020 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.06.29 17:56:28 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2013.06.29 17:52:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.29 08:38:40 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1120000741-3036561441-1105448708-1000Core.job [2013.06.29 03:00:12 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2013.06.29 02:08:54 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat [2013.06.29 02:04:08 | 000,000,222 | ---- | M] () -- C:\Users\User\Desktop\Space Pirates and Zombies.url [2013.06.29 01:49:24 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.06.29 00:27:45 | 000,002,001 | ---- | M] () -- C:\Users\User\Desktop\JDownloader.lnk [2013.06.27 13:20:17 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.06.27 13:12:52 | 001,686,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.27 13:12:52 | 000,725,766 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.27 13:12:52 | 000,675,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.27 13:12:52 | 000,160,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.27 13:12:52 | 000,129,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.27 09:43:13 | 000,007,605 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2013.06.21 16:19:12 | 003,020,770 | ---- | M] () -- C:\Users\User\Desktop\TechnicLauncher(1).exe [2013.06.11 16:17:58 | 000,001,003 | ---- | M] () -- C:\Users\User\Desktop\AdvanceMap.exe.lnk [2013.06.09 19:20:57 | 000,001,049 | ---- | M] () -- C:\Users\User\Desktop\Cheat Engine.lnk [2013.06.09 06:39:55 | 000,001,305 | 
---- | M] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.lnk [2013.06.09 06:23:15 | 005,662,891 | ---- | M] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.rar [2013.06.07 16:38:46 | 000,412,357 | ---- | M] () -- C:\Users\User\Desktop\HalleBewerbung.xps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.29 17:56:59 | 000,000,020 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.06.29 17:56:26 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2013.06.29 02:08:54 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2013.06.29 02:04:08 | 000,000,222 | ---- | C] () -- C:\Users\User\Desktop\Space Pirates and Zombies.url [2013.06.29 01:49:24 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.06.29 00:27:45 | 000,002,001 | ---- | C] () -- C:\Users\User\Desktop\JDownloader.lnk [2013.06.29 00:27:33 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2013.06.29 00:27:32 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.06.29 00:27:31 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.06.27 13:20:15 | 000,000,886 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.06.27 12:54:23 | 003,020,770 | ---- | C] () -- C:\Users\User\Desktop\TechnicLauncher(1).exe [2013.06.27 09:43:13 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2013.06.17 20:47:36 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.17 20:47:35 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.11 16:17:58 | 000,001,003 | ---- | C] () -- C:\Users\User\Desktop\AdvanceMap.exe.lnk [2013.06.09 19:20:57 | 000,001,049 | ---- | C] () -- C:\Users\User\Desktop\Cheat 
Engine.lnk [2013.06.09 06:39:55 | 000,001,305 | ---- | C] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.lnk [2013.06.07 16:38:41 | 000,412,357 | ---- | C] () -- C:\Users\User\Desktop\HalleBewerbung.xps [2013.06.07 00:27:48 | 000,001,192 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job [2013.06.07 00:27:43 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job [2013.06.07 00:27:27 | 000,001,196 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job [2013.06.07 00:27:11 | 000,001,828 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job [2013.06.07 00:27:05 | 000,001,902 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-chromeinstaller.job [2013.06.07 00:26:45 | 005,662,891 | ---- | C] () -- C:\Users\User\Desktop\Wondershare Streaming Audio Recorder.rar [2013.05.05 22:07:55 | 000,030,148 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-4.xcp [2013.05.05 22:07:55 | 000,020,635 | ---- | C] () -- C:\Users\User\AppData\Local\InfDeKurs-(eActivity)-1.xcp [2013.05.05 22:07:55 | 000,014,817 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-4.xcp [2013.05.05 22:07:55 | 000,014,195 | ---- | C] () -- C:\Users\User\AppData\Local\AG-VBR-(eActivity)-1.xcp [2013.05.05 22:07:55 | 000,013,299 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity)-3.xcp [2013.05.05 22:07:55 | 000,010,151 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity)-3.xcp [2013.05.05 22:07:55 | 000,009,605 | ---- | C] () -- C:\Users\User\AppData\Local\Fremdfinanzierung-(eActivity)-1.xcp [2013.05.05 22:07:55 | 000,007,836 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity)-4.xcp [2013.05.05 22:07:55 | 000,006,782 | ---- | C] () -- C:\Users\User\AppData\Local\Kanaly-(eActivity)-1.xcp [2013.05.05 22:07:55 | 000,005,731 | ---- | C] () -- C:\Users\User\AppData\Local\KG-VBR-(eActivity)-1.xcp [2013.05.05 22:07:55 | 000,005,153 | ---- | C] () -- 
C:\Users\User\AppData\Local\Kennz-(eActivity)-1.xcp [2013.05.05 16:57:07 | 000,027,045 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-3.xcp [2013.05.05 16:57:07 | 000,020,635 | ---- | C] () -- C:\Users\User\AppData\Local\InfDeKurs-(eActivity).xcp [2013.05.05 16:57:07 | 000,014,195 | ---- | C] () -- C:\Users\User\AppData\Local\AG-VBR-(eActivity).xcp [2013.05.05 16:57:07 | 000,013,299 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity)-2.xcp [2013.05.05 16:57:07 | 000,012,221 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-3.xcp [2013.05.05 16:57:07 | 000,009,605 | ---- | C] () -- C:\Users\User\AppData\Local\Fremdfinanzierung-(eActivity).xcp [2013.05.05 16:57:07 | 000,008,377 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity)-2.xcp [2013.05.05 16:57:07 | 000,005,731 | ---- | C] () -- C:\Users\User\AppData\Local\KG-VBR-(eActivity).xcp [2013.05.05 16:57:07 | 000,005,667 | ---- | C] () -- C:\Users\User\AppData\Local\Kanaly-(eActivity).xcp [2013.05.05 16:57:07 | 000,005,153 | ---- | C] () -- C:\Users\User\AppData\Local\Kennz-(eActivity).xcp [2013.05.05 16:57:07 | 000,004,652 | ---- | C] () -- C:\Users\User\AppData\Local\VBRVP-(eActivity).xcp [2013.05.05 16:57:07 | 000,004,152 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity)-3.xcp [2013.04.25 15:19:51 | 000,006,594 | ---- | C] () -- C:\Users\User\AppData\Local\X-Tras-(eActivity)-2.xcp [2013.04.25 15:16:19 | 000,001,907 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity)-1.xcp [2013.04.25 06:35:56 | 000,014,431 | ---- | C] () -- C:\Users\User\AppData\Local\Verteilungen-(eActivity)-1.xcp [2013.04.25 06:34:33 | 000,002,259 | ---- | C] () -- C:\Users\User\AppData\Local\DifIntr-(eActivity).xcp [2013.04.25 06:34:28 | 000,014,297 | ---- | C] () -- C:\Users\User\AppData\Local\Verteilungen-(eActivity).xcp [2013.04.25 06:34:26 | 000,009,371 | ---- | C] () -- C:\Users\User\AppData\Local\MatrizenVektor-(eActivity).xcp [2013.04.24 
21:14:36 | 000,017,408 | ---- | C] () -- C:\Windows\Launcher.exe [2013.04.14 19:39:54 | 000,877,747 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmusic.ogg [2013.04.13 17:51:37 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db [2013.03.23 17:42:33 | 000,098,304 | ---- | C] () -- C:\Windows\Lavish.dll [2013.03.15 14:52:44 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2013.03.14 22:14:55 | 000,012,221 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-2.xcp [2013.03.14 22:11:11 | 000,024,544 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-2.xcp [2013.03.14 22:11:11 | 000,013,299 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity)-1.xcp [2013.03.14 22:11:11 | 000,012,059 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity)-1.xcp [2013.03.14 22:11:11 | 000,008,377 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity)-1.xcp [2013.03.14 22:11:11 | 000,001,907 | ---- | C] () -- C:\Users\User\AppData\Local\X-tras-(eActivity).xcp [2013.03.14 20:46:09 | 000,013,287 | ---- | C] () -- C:\Users\User\AppData\Local\5LV_VWLA-(eActivity).xcp [2013.03.14 17:45:24 | 000,024,535 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity)-1.xcp [2013.03.14 17:44:58 | 000,024,535 | ---- | C] () -- C:\Users\User\AppData\Local\3LB_Marketing-(eActivity).xcp [2013.03.14 17:44:46 | 000,024,535 | ---- | C] () -- C:\Users\User\AppData\Local\LB3_Marketing-(eActivity).xcp [2013.03.10 22:00:53 | 000,000,879 | ---- | C] () -- C:\Users\User\AppData\Local\Mathhh-(eActivity)-1.xcp [2013.03.10 21:54:46 | 000,000,824 | ---- | C] () -- C:\Users\User\AppData\Local\Mathhh-(eActivity).xcp [2013.03.10 16:16:16 | 000,011,981 | ---- | C] () -- C:\Users\User\AppData\Local\2LB_KTR_BAB-(eActivity).xcp [2013.03.10 12:29:02 | 000,008,368 | ---- | C] () -- C:\Users\User\AppData\Local\1LB_PF-(eActivity).xcp [2013.02.28 22:36:26 | 000,010,779 | ---- | C] () -- 
C:\Users\User\AppData\Local\MatheLk-(eActivity).xcp [2013.01.25 19:47:36 | 000,151,040 | ---- | C] () -- C:\Windows\SysWow64\lua51_win32.dll [2013.01.25 19:45:00 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2013.01.25 19:31:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2013.01.22 08:36:41 | 000,000,527 | ---- | C] () -- C:\Users\User\AppData\Local\MatheStochastik-(eActivity)-1.xcp [2013.01.22 08:35:56 | 000,000,527 | ---- | C] () -- C:\Users\User\AppData\Local\MatheStochastik-(eActivity).xcp [2013.01.09 08:13:15 | 000,003,396 | ---- | C] () -- C:\Users\User\AppData\Local\Schnell-(eActivity).xcp [2013.01.02 19:36:52 | 000,018,240 | ---- | C] () -- C:\Users\User\AppData\Local\Kenz erweitert-(eActivity)-1.xcp [2013.01.02 19:36:52 | 000,002,832 | ---- | C] () -- C:\Users\User\AppData\Local\VBR 13 IIHJ-(eActivity)-1.xcp [2013.01.02 19:36:29 | 000,018,240 | ---- | C] () -- C:\Users\User\AppData\Local\Kenz erweitert-(eActivity).xcp [2013.01.02 19:36:29 | 000,017,572 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-7.xcp [2013.01.02 19:36:29 | 000,016,685 | ---- | C] () -- C:\Users\User\AppData\Local\VBR IHJ IIKl-(eActivity)-2.xcp [2013.01.02 19:36:29 | 000,002,832 | ---- | C] () -- C:\Users\User\AppData\Local\VBR 13 IIHJ-(eActivity).xcp [2012.12.25 14:27:31 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat [2012.12.25 14:23:57 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.25 14:23:40 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.12.25 14:23:40 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.25 14:22:35 | 001,564,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.16 10:59:37 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.12.05 07:26:19 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll [2012.12.02 23:37:23 | 000,017,051 | ---- | C] () -- 
C:\Users\User\AppData\Local\VBR IHJ IIKl-(eActivity)-1.xcp
[2012.12.02 14:09:25 | 000,016,685 | ---- | C] () -- C:\Users\User\AppData\Local\VBR IHJ IIKl-(eActivity).xcp
[2012.10.04 07:14:06 | 000,017,572 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-6.xcp
[2012.09.24 07:15:36 | 000,017,585 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-5.xcp
[2012.09.24 07:15:13 | 000,017,585 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-4.xcp
[2012.09.24 07:14:26 | 000,017,585 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-3.xcp
[2012.09.16 21:14:18 | 000,013,385 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-2.xcp
[2012.09.16 21:14:07 | 000,013,385 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity)-1.xcp
[2012.09.15 16:01:49 | 000,011,757 | ---- | C] () -- C:\Users\User\AppData\Local\VBR AG-(eActivity).xcp
[2012.07.24 09:55:49 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.07.24 09:28:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{055f4c1c-872b-46b6-5346-27841acd03f3}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{055f4c1c-872b-46b6-5346-27841acd03f3}\L
[2013.06.29 18:46:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{055f4c1c-872b-46b6-5346-27841acd03f3}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.06.29 17:59:02 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.06.29 17:59:02 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.06.27 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013.06.27 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.technic
[2012.12.05 07:26:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apowersoft
[2013.06.09 07:00:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ashampoo
[2013.06.29 00:25:40 | 000,000,000 | ---D | M] -- 
C:\Users\User\AppData\Roaming\Babylon [2012.08.28 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited [2013.06.29 00:26:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Delta [2013.03.15 13:55:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dwarfs [2013.02.07 14:21:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Firefly Studios [2012.12.02 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft [2012.12.24 10:48:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit [2013.01.10 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Langenscheidt [2012.11.29 12:04:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Load [2012.12.08 09:47:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX [2013.06.29 02:09:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MinMaxGames [2012.12.28 14:08:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PDF Experte 8 [2013.04.24 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SimplyTech [2013.06.29 01:51:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify [2013.01.21 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Steganos [2012.11.21 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\temp [2012.07.24 10:07:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2013.04.05 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2013.04.05 10:26:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Auto Shutdown [2013.06.29 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Care 365 [2013.05.07 00:14:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Game Booster [2013.04.05 11:34:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wise Uninstaller [2013.06.17 18:58:16 | 000,000,000 | ---D 
| M] -- C:\Users\User\AppData\Roaming\Wondershare
[2012.12.20 16:19:01 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\wyUpdate AU

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2013.04.01 18:29:08 | 000,030,109 | ---- | M] ()(C:\Users\User\Desktop\??? ?????.docx) -- C:\Users\User\Desktop\Моя Семья.docx
[2013.03.28 23:01:00 | 000,030,109 | ---- | C] ()(C:\Users\User\Desktop\??? ?????.docx) -- C:\Users\User\Desktop\Моя Семья.docx

< End of report >

Code:
OTL Extras logfile created on: 29.06.2013 18:42:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 49,13% Memory free
6,00 Gb Paging File | 4,68 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,59 Gb Total Space | 60,48 Gb Free Space | 25,67% Space Free | Partition Type: NTFS
Drive D: | 3,05 Gb Total Space | 2,96 Gb Free Space | 97,07% Space Free | Partition Type: NTFS
Drive F: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 3,76 Gb Total Space | 1,44 Gb Free Space | 38,38% Space Free | Partition Type: FAT32
Drive P: | 203,76 Gb Total Space | 79,23 Gb Free Space | 38,88% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft 
Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5E6EC4DD-7B1F-4E10-82B9-EA1B90791031}" = Nero 8 "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6910C412-A523-493C-BC22-0213CD7F4F3A}" = IndustrieGigant 2 - Gold Edition "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6F1D4E2A-4F74-4BD7-97B0-72C5C7BECB00}" = S4 League_EU "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = 
Windows Live Family Safety "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing 
Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CB2B4C2B-0805-4E06-873D-CECB046A5BE8}" = Camtasia Studio 8 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D06737BC-9887-46E0-A203-29D7FE756019}" = ClassPad Manager v3 Professional "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client 
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.13 "{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in "{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi "{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012 "{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Ultimate "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3 "Akamai" = Akamai NetSession Interface Service "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "CINEMA 4D Release 11" = CINEMA 4D Release 11 "DAEMON Tools Lite" = DAEMON Tools Lite "delta" = Delta toolbar 
"ENTERPRISE" = Microsoft Office Enterprise 2007 "FormatFactory" = FormatFactory 3.0.1 "Fraps" = Fraps (remove only) "Glary Utilities_is1" = Glary Utilities Pro 2.50.0.1632 "LogMeIn Hamachi" = LogMeIn Hamachi "MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions "NAV" = Norton AntiVirus "Plus-HD-2.2" = Plus-HD-2.2 "Project 64_is1" = Project 64 version 2.0.0.14 "PunkBusterSvc" = PunkBuster Services "SoftwareUpdUtility" = Download Updater (AOL Inc.) "Steam App 107200" = Space Pirates and Zombies "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.2 "WinLems_is1" = WinLems 1.24 "WinLiveSuite" = Windows Live Essentials "Wise Auto Shutdown_is1" = Wise Auto Shutdown 1.13 "Wise Game Booster_is1" = Wise Game Booster 1.12 "Wise Program Uninstaller_is1" = Wise Program Uninstaller 1.24 "Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 2.0.2.3) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.06.2013 03:43:42 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.2091, Zeitstempel: 0x51b69462 Name des fehlerhaften Moduls: MSVCR80.dll, 
Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011eeb ID des fehlerhaften Prozesses: 0x10e0 Startzeit der fehlerhaften Anwendung: 0x01ce730a0a78afb4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: 495d80b0-defd-11e2-bd0b-0019db80cb1b Error - 27.06.2013 03:50:20 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.2091, Zeitstempel: 0x51b69462 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011eeb ID des fehlerhaften Prozesses: 0x135c Startzeit der fehlerhaften Anwendung: 0x01ce730af6c48ac2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: 36f651cf-defe-11e2-bc90-0019db80cb1b Error - 27.06.2013 03:54:36 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 0.8.32.2091, Zeitstempel: 0x51b69462 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00011eeb ID des fehlerhaften Prozesses: 0xa3c Startzeit der fehlerhaften Anwendung: 0x01ce730b8fc86d5f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: cf737707-defe-11e2-bc90-0019db80cb1b Error - 27.06.2013 07:33:14 | Computer Name = User-PC | Source = Application Error | ID = 1000 
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0x940 Startzeit der fehlerhaften Anwendung: 0x01ce7329f7e37d4e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 5a138d36-df1d-11e2-bc90-0019db80cb1b Error - 28.06.2013 19:48:40 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service BrowserDefendert since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 28.06.2013 20:13:41 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec367 Name des fehlerhaften Moduls: mozalloc.dll, Version: 21.0.0.4879, Zeitstempel: 0x518eaa4a Ausnahmecode: 0x80000003 Fehleroffset: 0x00001988 ID des fehlerhaften Prozesses: 0x1694 Startzeit der fehlerhaften Anwendung: 0x01ce745a8893f476 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Berichtskennung: c0a10701-e050-11e2-bc90-0019db80cb1b Error - 28.06.2013 20:41:06 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". 
Details: AddWin32ServiceFiles: Unable to back up image of service BrowserDefendert since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 28.06.2013 21:56:48 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 28.06.2013 21:56:49 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 28.06.2013 21:56:49 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ OSession Events ] Error - 26.02.2013 15:24:36 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12888 seconds with 540 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.06.2013 01:48:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error - 29.06.2013 01:48:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 29.06.2013 11:59:02 | Computer Name = User-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 29.06.2013 11:59:02 | Computer Name = User-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.06.2013 11:59:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. 
Error - 29.06.2013 11:59:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 29.06.2013 11:59:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 29.06.2013 11:59:26 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebCake Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.06.2013 11:59:50 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error - 29.06.2013 11:59:50 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

< End of report >
29.06.2013, 18:33 | #2 |
| Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 Gmer - Log
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-29 19:19:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAJS-00TKA0 rev.12.01C01 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001b4000 7 bytes [80, 93, F3, FF, 01, 9D, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001b4008 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .reloc C:\Windows\system32\services.exe [668] section is executable [0x4A8, 0xA0000020] 0000000100052000 .text C:\Windows\SysWOW64\svchost.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760d1465 2 bytes [0D, 76] .text C:\Windows\SysWOW64\svchost.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760d14bb 2 bytes [0D, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ba1a22 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ba1ad0 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ba1b08 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ba1bba 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1808] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ba1bda 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ba1a22 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ba1ad0 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ba1b08 2 bytes [BA, 73] 
.text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ba1bba 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ba1bda 2 bytes [BA, 73] .text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000760d1465 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrB.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000760d14bb 2 bytes [0D, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2504] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000760d1465 2 bytes [0D, 76] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2504] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000760d14bb 2 bytes [0D, 76] .text ... * 2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760d1465 2 bytes [0D, 76] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760d14bb 2 bytes [0D, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074ea549c 5 bytes JMP 00000001001f0800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760d1465 2 bytes [0D, 76] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760d14bb 2 bytes [0D, 76] .text ... 
29.06.2013, 18:46 | #3 |
/// TB Trainer | Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 My name is Matthias and I will help you clean up your computer. Please note the following:
I am working on your topic and will get back to you with further instructions as soon as possible. |
29.06.2013, 18:52 | #4 |
| Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 That was quick. Thanks, Matthias. |
29.06.2013, 18:54 | #5 | |
/// TB Trainer | Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 Hello, From your log file: Quote:
Support stop. Reading material: This closes the topic. Cracks and keygens: Circumventing the copy protection of software is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources are very often bundled with malware, so you are almost deliberately infecting yourself. We have agreed here on the board that we do not continue cleaning at this point, because we do not support such a practice. On top of that, we pointed out unmistakably in our guide, and also in this "Important" thread, how we handle this. Clean, good software has its price, and software companies live on this revenue. Our help is therefore limited to reinstalling and securing your system. We will still gladly answer your questions about that, in our forum. |
29.06.2013, 19:09 | #6 |
| Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 Oops, I completely forgot about that... Thanks anyway. |
29.06.2013, 19:11 | #7 |
/// TB Trainer | Trojan.Zeroaccess.C / Trojan.Zeroaccess!inf4 Forgot to edit it, or what? That really is the lowest of the low. |