Log analysis and evaluation: Virus Dirty Decrypt encryption Trojan, I cannot open any of my photos, please please help!!! Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.07.2013, 11:32 | #1 |
Virus Dirty Decrypt encryption Trojan, I cannot open any of my photos, please please help!!!

OTL logfile created on: 24.07.2013 12:14:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,19% Memory free
16,05 Gb Paging File | 13,65 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 211,18 Gb Free Space | 46,06% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 410,10 Gb Free Space | 89,46% Space Free | Partition Type: NTFS
Drive E: | 18,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.24 12:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andy\Desktop\Neuer Ordner\OTL.exe PRC - [2013.07.16 19:54:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.06.26 21:40:15 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.06.26 21:40:14 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe PRC - [2013.06.26 21:40:13 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe PRC - [2013.06.26 13:21:22 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.26 13:21:14 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.26 13:21:14 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\andy\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe PRC - [2012.10.04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.02.19 19:14:14 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\java.exe PRC - [2011.05.17 09:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) -- C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.11.18 05:07:22 | 000,569,344 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe PRC - [2010.11.18 05:07:04 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2010.10.29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe PRC - [2010.05.28 17:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe PRC - [2009.01.12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2008.10.27 03:27:16 | 001,794,048 | ---- | M] (Edimax Technology Co.) -- C:\Program Files (x86)\EDIMAX\Common\RaUI.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2013.07.16 19:54:48 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.06.26 21:40:16 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll MOD - [2013.06.26 21:40:16 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll MOD - [2013.06.26 21:40:15 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe MOD - [2008.12.22 09:50:28 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL MOD - [2008.11.21 13:58:42 | 000,057,344 | ---- | M] () -- 
C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.07.16 19:54:48 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.26 21:40:14 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0) SRV - [2013.06.26 13:21:22 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.26 13:21:14 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.12 15:21:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.07 15:54:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.08.23 15:40:04 | 000,188,760 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.01.24 12:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service) SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2011.06.14 14:57:29 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2011.05.17 09:27:48 | 000,366,872 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.28 17:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.05.12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) 
[Auto | Running] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.26 21:40:16 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.29 23:27:18 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.29 23:27:18 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.29 23:27:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.21 12:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.07.30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.04 16:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtkdrv.sys -- (TrojanKillerDriver) DRV:64bit: - [2011.05.23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011.04.05 21:00:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010.11.05 11:13:08 | 000,628,840 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.10 23:16:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.04.10 22:43:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2008.07.30 21:27:14 | 000,792,576 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux) DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.07.22 05:11:18 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys -- (nvamacpi) DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.01.21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam) DRV:64bit: - [2008.01.21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64) DRV - [2010.07.15 19:37:06 | 000,203,864 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv) DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - 
HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid=&mid=& [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB IE - HKCU\..\SearchScopes\{480895A8-4E1F-46BA-B874-676ECAEBF0AA}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE426 IE - HKCU\..\SearchScopes\{6C8252B8-767D-4525-9222-039C5FFDE6D0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.goggle.de/" FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: 
%7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3 FF - prefs.js..extensions.enabledAddons: 0001.amztoolbar%40minimalarts.de:1.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7B5786d022-540e-4699-b350-b4be0ae94b79%7D:3.19.0.3 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.04 18:32:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013.02.03 21:26:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2013.02.03 21:26:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.16 19:54:42 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.16 19:54:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\andy\AppData\Roaming\5025 [2013.07.24 11:54:38 | 000,000,000 | ---D | M] [2011.12.13 12:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\Extensions [2013.07.16 16:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79} [2013.07.24 11:54:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Toolbar für amazon.de) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\0001.amztoolbar@minimalarts.de [2013.07.21 21:49:30 | 000,000,000 | ---D | M] (Lyrics-Monkey) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\122 [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\avg@toolbar [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@babylon.com [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@delta.com [2013.07.24 11:54:39 | 000,000,000 | ---D | M] (incredibar.com) -- 
C:\Users\andy\AppData\Roaming\mozilla\Firefox\Profiles\qd2dfnji.default\extensions\ffxtlbr@incredibar.com [2012.08.23 18:30:44 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\ciuvo-extension@icq.de.xpi [2012.12.11 15:00:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.08 20:03:22 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.02.20 18:59:55 | 000,002,413 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\askcom.xml [2013.07.21 21:48:10 | 000,006,513 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\babylon.xml [2013.05.28 19:00:33 | 000,006,503 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml [2013.07.16 15:47:03 | 000,000,925 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\conduit.xml [2013.05.28 19:00:41 | 000,001,294 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\delta.xml [2012.11.01 11:30:22 | 000,001,632 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml [2013.07.23 19:44:46 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml [2013.03.09 15:48:59 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml [2013.03.10 20:40:35 | 000,000,950 | ---- | M] () -- 
C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml [2013.04.09 21:16:38 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml [2013.04.12 15:49:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml [2013.04.23 15:52:25 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml [2013.05.28 18:57:01 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml [2013.05.28 19:00:25 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml [2013.05.28 19:00:43 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml [2013.06.26 21:40:48 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml [2013.07.21 21:48:16 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml [2012.12.09 23:07:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml [2013.07.21 21:50:15 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml [2013.07.21 21:53:05 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml [2013.07.21 21:59:50 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml [2013.07.23 11:54:40 | 
000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml [2013.07.23 11:58:18 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml [2013.07.24 12:10:28 | 000,000,656 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml [2012.09.17 18:14:40 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml [2012.10.29 08:57:22 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml [2012.11.01 10:53:02 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml [2013.01.11 15:31:20 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml [2013.01.23 17:10:49 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml [2013.02.06 17:25:37 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml [2013.02.18 16:44:38 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml [2012.07.19 15:49:19 | 000,000,950 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\icqplugin.xml [2013.07.21 21:48:21 | 000,001,305 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\mixidj.xml [2012.10.23 18:18:45 | 000,003,915 | ---- | M] () -- C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\qd2dfnji.default\searchplugins\sweetim.xml [2013.07.16 
19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2013.07.16 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.16 19:54:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.10.24 00:49:22 | 001,826,192 | ---- | M] (Caminova, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll [2013.05.21 16:29:34 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011.04.05 20:59:31 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader
9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Windows Presentation Foundation 
(Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - plugin: Error reading preferences file CHR - Extension: TV = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Uhr = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\ CHR - Extension: avast! 
WebRep = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: SweetIM for Facebook = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.125\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\ CHR - Extension: Sprocket Rocket = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: TV = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\andy\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Uhr = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\ CHR - Extension: avast! WebRep = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: SweetIM for Facebook = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.125\ CHR - Extension: No name found = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\ CHR - Extension: Sprocket Rocket = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: AVG Secure Search = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak CHR - Extension: Google Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google 
Mail = C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\andy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Epson Stylus Photo PX710W(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD) O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\andy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{182A12D2-15A4-4214-A1C6-6E1119F957E7}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4898D81A-7189-4D10-8282-6631EE88EF62}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3BFD8EA-C7EB-4EBF-8B27-9F763C2CD10F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) O18:64bit: - Protocol\Filter\text/xml 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.24 11:54:17 | 000,000,000 | ---D | M] - C:\AutoCAD Plant 3D 2011 Content -- [ NTFS ] O33 - MountPoints2\{87924176-839d-11e0-8df8-00226838da8f}\Shell - "" = AutoRun O33 - MountPoints2\{87924176-839d-11e0-8df8-00226838da8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LANLauncher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.24 11:01:04 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.23 11:24:53 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\YVwAvuyo [2013.07.23 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\QOzRNmaj [2013.07.23 11:24:51 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\Dirty [2013.07.21 21:51:52 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\FSC [2013.07.21 21:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent [2013.07.21 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Neuer Ordner (2) [2013.07.20 18:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(37) [2013.07.20 18:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.07.20 18:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update(0) [2013.07.20 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(36) [2013.07.20 18:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour(17) [2013.07.20 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Roaming\WindSolutions [2013.07.20 13:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2013.07.20 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT [2013.07.20 12:26:41 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Neuer Ordner [2013.07.20 12:07:35 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Spartacus [2013.07.20 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Programme [2013.07.20 12:03:37 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Spiele [2013.07.20 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Filme [2013.07.20 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\andy\Desktop\Musik [2013.07.17 12:56:04 | 000,000,000 | 
R--D | C] -- C:\Users\andy\Favorites [2013.07.16 19:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.25 20:21:31 | 000,000,000 | ---D | C] -- C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.24 12:11:09 | 001,452,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.24 12:11:09 | 000,631,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.24 12:11:09 | 000,598,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.24 12:11:09 | 000,127,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.24 12:11:09 | 000,105,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.24 12:03:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.24 12:03:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.24 12:03:35 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.24 12:03:35 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.07.24 12:03:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.24 11:22:39 | 000,001,356 | ---- | M] () -- C:\Users\andy\AppData\Local\d3d9caps.dat [2013.07.20 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.20 14:03:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.20 13:33:44 | 008,249,273 | R--- | M] () -- C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip [2013.07.20 13:20:59 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.20 12:44:18 | 000,000,186 | ---- | M] () -- C:\Users\andy\AppData\Roaming\wklnhst.dat 
[2013.07.20 12:27:55 | 000,001,700 | ---- | M] () -- C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk [2013.07.16 16:02:04 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2013.07.10 21:32:57 | 652,037,851 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.07.01 14:54:50 | 003,041,315 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2527.JPG [2013.07.01 14:54:32 | 002,344,541 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2525.JPG [2013.07.01 14:40:38 | 002,756,746 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2524.JPG [2013.07.01 14:40:22 | 002,152,937 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2523.JPG [2013.07.01 14:33:58 | 002,344,318 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2521.JPG [2013.07.01 14:30:26 | 001,934,462 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2519.JPG [2013.07.01 14:30:02 | 002,105,307 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2518.JPG [2013.07.01 14:29:58 | 002,124,730 | R--- | M] () -- C:\Users\andy\Desktop\CIMG2517.JPG [2013.06.26 21:40:46 | 000,003,718 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml [2013.06.26 21:40:16 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.21 13:39:33 | 003,041,315 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2527.JPG [2013.07.21 13:39:31 | 002,344,541 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2525.JPG [2013.07.21 13:39:24 | 002,756,746 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2524.JPG [2013.07.21 13:39:21 | 002,152,937 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2523.JPG [2013.07.21 13:39:19 | 002,344,318 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2521.JPG [2013.07.21 13:38:52 | 001,934,462 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2519.JPG [2013.07.21 13:38:50 | 002,105,307 | R--- | C] () -- C:\Users\andy\Desktop\CIMG2518.JPG [2013.07.21 13:38:48 | 002,124,730 | R--- | C] () -- 
C:\Users\andy\Desktop\CIMG2517.JPG [2013.07.20 13:33:39 | 008,249,273 | R--- | C] () -- C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip [2013.07.20 13:20:59 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.20 12:27:55 | 000,001,700 | ---- | C] () -- C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk [2013.06.26 21:40:03 | 000,003,718 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml [2012.09.25 20:40:22 | 000,000,797 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{71E7C1C8-2DC8-46A7-97BA-5ECE92DC7AED}_sta [2012.09.25 20:40:22 | 000,000,794 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{71E7C1C8-2DC8-46A7-97BA-5ECE92DC7AED}_prof [2012.09.25 20:38:35 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt2870.bin [2012.09.25 20:38:34 | 000,014,640 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.09.25 20:38:19 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll [2012.09.25 20:31:51 | 000,000,808 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{D6E232D7-E90E-47CB-AAD2-C8AA3DD43AA8}_prof [2012.09.25 20:31:51 | 000,000,797 | ---- | C] () -- C:\Users\andy\AppData\Local\RT3070_{D6E232D7-E90E-47CB-AAD2-C8AA3DD43AA8}_sta [2012.09.04 16:13:04 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.02.22 16:34:25 | 000,000,186 | ---- | C] () -- C:\Users\andy\AppData\Roaming\wklnhst.dat [2012.01.25 01:15:30 | 000,000,904 | ---- | C] () -- C:\Users\andy\PokerStars.lnk [2012.01.12 20:20:53 | 017,153,049 | ---- | C] () -- C:\Users\andy\Als Doorgunner in Mazar-e Sharif[1].mp4 [2012.01.12 15:33:21 | 000,077,190 | ---- | C] () -- C:\Users\andy\lustig.jpg [2012.01.06 22:29:09 | 000,393,897 | R--- | C] () -- C:\Users\andy\reparaturauftrag.pdf [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 13:02:18 | 000,001,356 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps.dat [2011.09.27 09:37:31 | 
000,011,536 | ---- | C] () -- C:\Users\andy\319547_235679213147029_222573687790915_621351_891860537_n.jpg [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.28 14:25:59 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini [2011.07.10 21:29:45 | 000,000,058 | ---- | C] () -- C:\Users\andy\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.04.09 21:49:46 | 000,104,448 | ---- | C] () -- C:\Users\andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.04 23:17:24 | 000,000,732 | ---- | C] () -- C:\Users\andy\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012.10.18 16:06:10 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2012.10.18 16:06:10 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n. "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D066AD2 < End of report > OTL Extras logfile created on: 24.07.2013 12:14:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andy\Desktop\Neuer Ordner 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,19% Memory free 16,05 Gb Paging File | 13,65 Gb Available in Paging File | 85,06% Paging File free Paging file location(s): ?:\pagefile.sys 
[binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,46 Gb Total Space | 211,18 Gb Free Space | 46,06% Space Free | Partition Type: NTFS Drive D: | 458,41 Gb Total Space | 410,10 Gb Free Space | 89,46% Space Free | Partition Type: NTFS Drive E: | 18,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDY-PC | User Name: andy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 67 BD A5 90 0C F3 CB 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language 
Selector "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5783F2D7-9017-0407-1102-0060B0CE6BBA}" = AutoCAD Plant 3D 2011 Language Pack - Deutsch "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A109BCE-6CC8-7AF4-EF13-E5EC6BACFFA5}" = ATI AVIVO64 Codecs "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADE357A9-1514-A3CB-2053-EFAC5B6698C0}" = ATI Problem Report Wizard "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64 "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON PX710W Series" = EPSON PX710W Series Printer Uninstall "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.00 (64-Bit) "WNLT" = IB Updater Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1" 
= FINAL FANTASY VII "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{186688D8-B50B-41d9-B036-CAE52CCB86AE}_is1" = Ashampoo 3D CAD Professional 3 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = EDIMAX Edimax Wireless LAN "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{37D290AF-6602-4C22-9AF8-66CB7231C729}" = minimal arts - Toolbar für amazon.de "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English 
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69F3E292-7DB2-4FC1-A270-DFDD77448EA2}" = WinFunktion Mathematik plus 19 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CA671A5-954C-4B75-8104-7B085246A8B5}" = dolp_demo "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7FF30785-278C-4D1C-858B-349F7373A991}" = Free-Jahreskalender 2013 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI 
(German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French "{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Activision(R) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC 
Help Chinese Standard "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D82F4E66-B3F6-4482-879E-AAC745CCFE0F}" = DraftSight "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}" = Document Express DjVu Plug-in "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX 
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ED83D14F-8100-63D0-9329-77A92380EB92}" = HydraVision "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EE79A8D3-6676-41FF-967C-242017CEC0F2}" = MAGIX Screenshare "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "delta" = Delta toolbar 
"Dishonored German (c) Bethesda_is1" = Dishonored German (c) Bethesda version 1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Epson Printer Software Downloader" = Epson Printer Software Downloader "EPSON Scanner" = EPSON Scan "Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Benutzerhandbuch" = Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch "FluidSIM 4.2n Pneumatik Demoversion" = FluidSIM 4.2n Pneumatik Demoversion "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.24.430 "Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0" = Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0 "Google Chrome" = Google Chrome "GridinSoft Trojan Killer" = Trojan Killer "iLivid" = iLivid "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}" = Ice Age 3 Die Dinosaurier sind los(TM) "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "MAGIX_{EE79A8D3-6676-41FF-967C-242017CEC0F2}" = MAGIX Screenshare "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.7 "PokerStars.eu" = PokerStars.eu "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PS3 Media Server" = PS3 Media Server "Rockstar Games Social Club" = Rockstar Games Social Club "ScreenshotCaptor_is1" = Screenshot Captor 2.88.01 "StarCraft II" = StarCraft II "Streamripper" = Streamripper (Remove only) "Sweet Home 3D_is1" = Sweet Home 3D version 4.0 "UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft "VLC media player" = VLC media player 0.9.9 "WhiteCap" = WhiteCap "WinLiveSuite" = Windows Live Essentials "WinX 
Free MP4 to WMV Converter_is1" = WinX Free MP4 to WMV Converter 4.1.3 "XP Codec Pack" = XP Codec Pack ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "FoxTab Media Player" = FoxTab Media Player "PassportPhoto" = PassportPhoto (remove) "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.09.2012 11:08:01 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 Description = Error - 11.09.2012 11:13:17 | Computer Name = andy-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60, Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360, Prozess-ID 0xa58, Anwendungsstartzeit 01cd902daafa0a07. Error - 12.09.2012 10:05:30 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103 Description = Error - 12.09.2012 10:06:38 | Computer Name = andy-PC | Source = WinMgmt | ID = 10 Description = Error - 12.09.2012 10:09:02 | Computer Name = andy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 12.09.2012 10:09:28 | Computer Name = andy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 12.09.2012 10:29:22 | Computer Name = andy-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60, Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360, Prozess-ID 0xa44, Anwendungsstartzeit 01cd90ef9b10d517. 
Error - 12.09.2012 10:48:25 | Computer Name = andy-PC | Source = FSecure-FSecure-F-Secure Management Agent | ID = 103 Description = Error - 12.09.2012 10:49:30 | Computer Name = andy-PC | Source = WinMgmt | ID = 10 Description = Error - 12.09.2012 10:50:00 | Computer Name = andy-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TuneUpUtilitiesService64.exe, Version 10.0.4000.60, Zeitstempel 0x4d80a995, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05e53, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000059360, Prozess-ID 0xa70, Anwendungsstartzeit 01cd90f599be9497. [ System Events ] Error - 24.07.2013 06:04:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7023 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.07.2013 06:05:08 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7026 Description = Error - 24.07.2013 06:06:52 | Computer Name = andy-PC | Source = Service Control Manager | ID = 7001 Description = Error - 24.07.2013 06:14:35 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:14:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:24:35 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = Error - 24.07.2013 06:24:43 | Computer Name = andy-PC | Source = DCOM | ID = 10016 Description = < End of report > |
24.07.2013, 11:39 | #2 |
/// the machine /// TB-Ausbilder | Virus Dirty Decrypt encryption trojan, I can't open any of my photos, please please help!!! hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
24.07.2013, 11:45 | #3 |
| Virus Dirty Decrypt encryption trojan, I can't open any of my photos, please please help!!! ok
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013 Ran by andy (administrator) on 24-07-2013 12:42:21 Running from C:\Users\andy\Desktop\Neuer Ordner Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Tanuki Software, Ltd.) C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe (Ralink Technology, Corp.) C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Microsoft Corporation) C:\Windows\system32\locator.exe (Realtek Semiconductor Corp.) 
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Oracle Corporation) C:\Windows\SysWOW64\java.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Windows\RAVCpl64.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (Akamai Technologies, Inc.) C:\Users\andy\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Edimax Technology Co.) C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Akamai Technologies, Inc.) 
C:\Users\andy\AppData\Local\Akamai\netsession_win.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x] HKLM\...\Run: [Skytel] - Skytel.exe [x] HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess? HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd) HKCU\...\Run: [HydraVisionMDEngine] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [569344 2010-11-18] (AMD) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\andy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [Epson Stylus Photo PX710W(Netzwerk)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" [x] HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2012-10-13] () HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-18] (AMD) HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess? 
MountPoints2: L - L:\LANLauncher.exe MountPoints2: {87924176-839d-11e0-8df8-00226838da8f} - F:\LaunchU3.exe -a HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] () HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. 
KG) HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation) HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer) HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer) HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (Edimax Technology Co.) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Search iGoogle Redirect Acer | explore beyond limits HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Start Page = iGoogle Redirect HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB SearchScopes: HKCU - {480895A8-4E1F-46BA-B874-676ECAEBF0AA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {6C8252B8-767D-4525-9222-039C5FFDE6D0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26 BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - 
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: MimalaAmazonToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files 
(x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default FF user.js: detected! => C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\user.js FF NewTab: hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=NT_ss&mntrId=4406000E2EB7C6AB FF Homepage: hxxp://www.goggle.de/ FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files 
(x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( ) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml FF SearchPlugin: 
C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml FF SearchPlugin: 
C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\mixidj.xml FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\sweetim.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src FF Extension: Toolbar für amazon.de - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\0001.amztoolbar@minimalarts.de FF Extension: Lyrics-Monkey - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\122 FF Extension: AVG Security Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\avg@toolbar FF Extension: Babylon - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@babylon.com FF Extension: Delta Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@delta.com FF Extension: incredibar.com - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@incredibar.com FF Extension: Ashampoo DE Community Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{5786d022-540e-4699-b350-b4be0ae94b79} FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: ciuvo-extension - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ciuvo-extension@icq.de.xpi 
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\andy\AppData\Roaming\5025 FF Extension: Java String Helper - C:\Users\andy\AppData\Roaming\5025 Chrome: ======= CHR HomePage: "homepage": "", CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB", 
"hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=4406000E2EB7C6AB" CHR Plugin: ( "name": "Remoting Viewer",) - "path": "internal-remoting-viewer", CHR Plugin: ( "name": "Native Client",) - "path": "C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll", No File CHR Plugin: ( "name": "Chrome PDF Viewer",) - "path": "C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll", No File CHR Plugin: ( "name": "Shockwave Flash",) - "path": "C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll", No File CHR Plugin: ( "name": "Shockwave Flash",) - "path": "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll", No File CHR Plugin: ( "name": "Adobe Acrobat",) - "path": "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll", No File CHR Plugin: ( "name": "Java Deployment Toolkit 6.0.260.3",) - "path": "C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll", No File CHR Plugin: ( "name": "Java(TM) Platform SE 6 U26",) - "path": "C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll", No File CHR Plugin: ( "name": "Microsoft® Windows Media Player Firefox Plugin",) - "path": "C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll", No File CHR Plugin: ( "name": "DjVu Plugin Viewer",) - "path": "C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll", No File CHR Plugin: ( "name": "2007 Microsoft Office system",) - "path": "C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL", No File CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll", No File CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll", No File CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll", No File CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files 
(x86)\QuickTime\plugins\npqtplugin4.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll", No File
CHR Plugin: ( "name": "fluxDVD Browser Plugin",) - "path": "C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll", No File
CHR Plugin: ( "name": "Google Update",) - "path": "C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll", No File
CHR Plugin: ( "name": "Windows Live® Photo Gallery",) - "path": "C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll", No File
CHR Plugin: ( "name": "iTunes Application Detector",) - "path": "C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll", No File
CHR Plugin: ( "name": "Protect Disc License Acquisition Plugin",) - "path": "C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll", No File
CHR Plugin: ( "name": "Windows Presentation Foundation",) - "path": "c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll", No File
CHR Plugin: ( "name": "Default Plug-in",) - "path": "default_plugin", No File
CHR Extension: (TV) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0
CHR Extension: (YouTube) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Digital Clock) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0
CHR Extension: (avast! WebRep) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (SweetIM for Facebook) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0
CHR Extension: () - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19
CHR Extension: (Lyrics-Monkey) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0
CHR Extension: (Sprocket Rocket) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0
CHR Extension: (AVG Secure Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0
CHR Extension: (Gmail) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG)
S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-10-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)
R2 PS3 Media Server; C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe [69632 2008-05-12] (Ralink Technology, Corp.)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)
S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-08-23] ()
S2 IBUpdaterService; %SystemRoot%\system32\dmwu.exe [x]
S2 WebOptimizer; %SystemRoot%\system32\dmwu.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-05] (DT Soft Ltd)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2008-07-22] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [55640 2006-09-18] (Realtek Semiconductor Corporation )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)
R2 VBoxDrv; C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys [203864 2010-07-15] (Oracle Corporation)
S3 dump_wmimmc; \??\C:\AeriaGames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 ntiomin; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 11:24 - 2013-07-23 11:25 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:48 - 2013-07-23 12:09 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-21 13:00 - 2013-07-21 15:44 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 18:24 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:34 - 2013-07-20 18:03 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:26 - 2013-07-24 12:42 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-20 12:07 - 2013-07-20 19:10 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 12:03 - 2013-07-23 12:11 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-20 12:03 - 2013-07-20 12:41 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:03 - 2013-07-20 12:40 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:03 - 2013-07-20 12:10 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-16 19:54 - 2013-07-16 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

==================== One Month Modified Files and Folders =======

2013-07-24 12:42 - 2013-07-20 12:26 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 12:21 - 2012-07-01 20:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 12:11 - 2008-01-21 13:10 - 01452956 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 12:11 - 2008-01-21 13:09 - 00631120 _____ C:\Windows\system32\perfh007.dat
2013-07-24 12:11 - 2008-01-21 13:09 - 00127462 _____ C:\Windows\system32\perfc007.dat
2013-07-24 12:06 - 2012-07-02 16:34 - 00101414 _____ C:\Users\andy\Sti_Trace.log
2013-07-24 12:03 - 2013-07-20 18:24 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-24 12:03 - 2013-06-03 18:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-24 12:03 - 2012-02-19 19:13 - 00000000 ____D C:\Users\andy\Desktop\PS3 Media Server
2013-07-24 12:03 - 2012-01-08 18:30 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 12:03 - 2011-04-04 23:17 - 00000000 ____D C:\Users\andy
2013-07-24 12:03 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-24 12:02 - 2006-11-02 14:33 - 90439680 _____ C:\Windows\system32\config\software_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 45088768 _____ C:\Windows\system32\config\components_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 31457280 _____ C:\Windows\system32\config\system_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00020480 _____ C:\Windows\system32\config\security_previous
2013-07-24 11:54 - 2013-05-28 18:56 - 00000000 ____D C:\Users\andy\AppData\Roaming\Delta
2013-07-24 11:54 - 2013-03-11 20:47 - 00000000 ____D C:\Users\andy\AppData\Roaming\Kalenderchen
2013-07-24 11:54 - 2013-02-19 20:45 - 00000000 ____D C:\Users\andy\AppData\Local\iLivid
2013-07-24 11:54 - 2013-02-01 18:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-24 11:54 - 2013-02-01 18:03 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-24 11:54 - 2013-01-23 19:27 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSTATIK
2013-07-24 11:54 - 2012-12-30 18:49 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2013-07-24 11:54 - 2012-12-30 18:20 - 00000000 ____D C:\Users\andy\Documents\StarCraft II
2013-07-24 11:54 - 2012-07-21 13:08 - 00000000 ____D C:\Users\andy\AppData\Local\MicrosoftStore
2013-07-24 11:54 - 2012-07-01 20:44 - 00000000 ____D C:\Users\andy\AppData\Roaming\mp3DirectCut
2013-07-24 11:54 - 2012-05-14 22:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\ICQ Search
2013-07-24 11:54 - 2012-02-17 19:08 - 00000000 ____D C:\Users\andy\AppData\Roaming\DVDVideoSoft
2013-07-24 11:54 - 2012-01-30 00:15 - 00000000 ____D C:\Users\andy\AppData\Local\Akamai
2013-07-24 11:54 - 2012-01-08 18:31 - 00000000 ____D C:\Users\andy\AppData\Roaming\PhotoScape
2013-07-24 11:54 - 2011-11-10 23:02 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.EU
2013-07-24 11:54 - 2011-10-30 18:53 - 00000000 ____D C:\Users\andy\AppData\Roaming\gtk-2.0
2013-07-24 11:54 - 2011-10-30 18:39 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouWave_Android
2013-07-24 11:54 - 2011-09-08 22:20 - 00000000 ____D C:\Users\andy\AppData\Roaming\5025
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iTunes
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iPod
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-24 11:54 - 2011-06-14 17:48 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\ProgramData\Apple
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files\Bonjour
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-24 11:54 - 2011-06-14 15:03 - 00000000 ____D C:\AutoCAD Plant 3D 2011 Content
2013-07-24 11:54 - 2011-06-13 10:46 - 00000000 ____D C:\AiO-Files
2013-07-24 11:54 - 2011-05-26 22:38 - 00000000 ____D C:\Users\andy\AppData\Local\Microsoft Help
2013-07-24 11:54 - 2011-05-23 17:31 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.NET
2013-07-24 11:54 - 2011-04-23 23:26 - 00000000 ____D C:\Users\andy\AppData\Roaming\ProtectDISC
2013-07-24 11:54 - 2011-04-21 07:24 - 00000000 ____D C:\Users\andy\AppData\Roaming\dvdcss
2013-07-24 11:54 - 2011-04-20 20:38 - 00000000 ____D C:\Users\andy\AppData\Roaming\vlc
2013-07-24 11:54 - 2011-04-08 15:22 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-24 11:54 - 2011-04-05 20:59 - 00000000 ____D C:\Users\andy\AppData\Roaming\Gutscheinmieze
2013-07-24 11:54 - 2011-04-05 19:25 - 00000000 ____D C:\Users\andy\Documents\UseNeXT
2013-07-24 11:54 - 2011-04-04 23:21 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-24 11:54 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-07-24 11:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-07-24 11:41 - 2011-04-04 23:08 - 01509939 _____ C:\Windows\WindowsUpdate.log
2013-07-24 11:22 - 2011-09-28 13:02 - 00001356 _____ C:\Users\andy\AppData\Local\d3d9caps.dat
2013-07-24 11:10 - 2008-01-21 05:26 - 07011402 _____ C:\Windows\PFRO.log
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 12:11 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-23 12:09 - 2013-07-21 21:48 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-23 11:57 - 2013-02-16 14:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\UseNeXT
2013-07-23 11:37 - 2009-01-23 12:39 - 00000000 ____D C:\Program Files (x86)\Acer Arcade Live
2013-07-23 11:25 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-23 11:24 - 2012-07-30 08:49 - 00000000 ____D C:\Users\andy\AppData\Local\{34E010AB-4EBA-4C22-80AA-8510855D73D4}
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-21 15:44 - 2013-07-21 13:00 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 19:10 - 2013-07-20 12:07 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 19:10 - 2011-08-18 21:22 - 00025473 _____ C:\Windows\setupact.log
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:03 - 2013-07-20 13:34 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 14:03 - 2012-01-08 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:21 - 2012-10-18 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 13:07 - 2012-07-19 15:16 - 00000000 ____D C:\Users\andy\Desktop\Fotos
2013-07-20 12:44 - 2012-02-22 16:34 - 00000186 _____ C:\Users\andy\AppData\Roaming\wklnhst.dat
2013-07-20 12:41 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:40 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:27 - 2013-02-16 14:03 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-07-20 12:17 - 2006-11-02 17:42 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-20 12:10 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-17 12:55 - 2012-04-26 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 21:55 - 2013-07-16 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-16 21:53 - 2012-11-17 23:59 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2013-07-16 16:02 - 2012-08-06 16:02 - 00000250 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-07-16 15:58 - 2012-01-08 18:30 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 15:58 - 2012-01-08 18:30 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-07-10 21:33 - 2013-02-20 19:47 - 00000000 ____D C:\Windows\Minidump
2013-07-10 21:32 - 2013-02-20 19:47 - 652037851 _____ C:\Windows\MEMORY.DMP
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-26 21:40 - 2012-11-20 19:39 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-06-26 21:40 - 2012-11-19 18:14 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-26 21:40 - 2012-11-10 14:47 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-25 20:26 - 2013-06-18 21:15 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

ZeroAccess: C:\Windows\assembly\tmp C:\Windows\assembly\tmp\U C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106
ZeroAccess: C:\Users\andy\AppData\Local\649deb8e C:\Users\andy\AppData\Local\649deb8e\@ C:\Users\andy\AppData\Local\649deb8e\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 12:25

==================== End Of Log ============================

FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013
Ran by andy at 2013-07-24 12:44:59
Running from C:\Users\andy\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Acer eDataSecurity Management (x32 Version: 3.0.3065)
Acer Empowering Technology (x32 Version: 3.0.3011)
Acer Product Registration (x32 Version: 3.0.0.10)
Acer ScreenSaver (x32 Version: 4.01.0718)
Activision(R) (x32 Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Ashampoo 3D CAD Professional 3 (x32 Version: 3.0.2)
ATI AVIVO64 Codecs (Version: 11.6.0.51118)
ATI Catalyst Registration (x32 Version: 3.00.0000)
ATI Problem Report Wizard (Version: 3.0.800.0)
AutoCAD Plant 3D 2011 Language Pack - Deutsch (Version: 2.0.37.00)
AVG Security Toolbar (x32 Version: 15.3.0.11)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Bing Bar (x32 Version: 6.3.2348.0)
Bing Bar Platform (x32 Version: 6.3.2348.0)
Bonjour (Version: 2.0.5.0)
C:\Program Files (x86)\Acer GameZone\GameConsole (x32 Version: 2.0.1.4)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.0214.2217.39913)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.0214.2217.39913)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.0214.2217.39913)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.0214.2217.39913)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.0214.2217.39913)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.0214.2217.39913)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.0214.2217.39913)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.0214.2217.39913)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.0214.2217.39913)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.0214.2217.39913)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.0214.2217.39913)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.0214.2217.39913)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.0214.2218.39913)
ccc-utility64 (Version: 2012.1219.1521.27485)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
DAEMON Tools Toolbar (x32 Version: 1.1.4.0024)
DATA BECKER BewerbungsGenie 7 (x32 Version: 6.0.10.49)
Delta toolbar (x32 Version: 1.8.21.5)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dishonored German (c) Bethesda version 1 (x32 Version: 1)
Document Express DjVu Plug-in (x32 Version: 6.1.27549)
Dolby Control Center (Version: 1.1.0601)
dolp_demo (x32 Version: 1.0.0.0)
DraftSight (x32 Version: 8.4.274)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
EDIMAX Edimax Wireless LAN (x32 Version: 1.0.3.0)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Event Manager (x32 Version: 2.30.00)
Epson Print CD (x32 Version: 2.00.00)
Epson Printer Software Downloader (x32 Version: 2.0.0)
Epson Printer Software Downloader (x32)
EPSON Scan (x32)
Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (x32)
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup (x32 Version: 3.1a)
eSobi v2 (x32 Version: 2.0.3.000201)
FINAL FANTASY VII (x32 Version: 1.0)
FluidSIM 4.2n Pneumatik Demoversion (x32)
FoxTab Media Player (HKCU)
Free MP4 Video Converter version 5.0.24.430 (x32 Version: 5.0.24.430)
Free-Jahreskalender 2013 (x32 Version: 9.00.2013)
Geeks3D.com FurMark 1.9.0 (x32)
Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0 (x32 Version: 1.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Update Helper (x32 Version: 1.3.21.153)
HydraVision (x32 Version: 4.2.184.0)
IB Updater Service (Version: 3.0.5.4)
Ice Age 3 Die Dinosaurier sind los(TM) (x32 Version: 1.00.0000)
iLivid (x32 Version: 4.0.0.2466)
Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004)
iTunes (Version: 10.3.1.55)
Java Auto Updater (x32 Version: 2.1.5.3)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
Java(TM) 7 Update 2 (x32 Version: 7.0.20)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kalenderchen 5 (x32)
LEGO® Star Wars™: Die Komplette Saga (x32 Version: 1.00.0000)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 08.05.0822)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
minimal arts - Toolbar für amazon.de (x32 Version: 1.0.0)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NTI Backup Now 5 (x32 Version: 5.1.2.616)
NTI Backup Now Standard (x32 Version: 5.1.2.616)
NTI Media Maker 8 (x32 Version: 8.0.2.6509)
NVIDIA Drivers
NVIDIA PhysX (x32 Version: 9.09.1112)
ON PX710W Series Printer Uninstall
PassportPhoto (remove) (HKCU)
phonostar-Player Version 3.02.7 (x32)
PokerStars.eu (x32)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PS3 Media Server (x32 Version: 1.52.1)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5704)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0175)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
Screenshot Captor 2.88.01 (x32)
Segoe UI (x32 Version: 15.4.2271.0615)
StarCraft II (x32 Version: 2.0.8.25604)
Streamripper (Remove only) (x32)
Sweet Home 3D version 4.0 (x32)
SweetIM for Messenger 3.7 (x32 Version: 3.7.0007)
SweetPacks bundle uninstaller (x32 Version: 1.0.0000)
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000)
The War Z version 1.0 (x32 Version: 1.0)
Trojan Killer (x32 Version: 2.1.5.4)
Uniblue RegistryBooster 2010 (x32)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008)
UseNeXT by Tangysoft (x32)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 0.9.9 (x32 Version: 0.9.9)
Web Assistant 2.0.0.478 (Version: 2.0.0.478)
WhiteCap (x32 Version: 5.7.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8050.1202)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinFunktion Mathematik plus 19 (x32 Version: 1.00.0000)
WinRAR 4.00 (64-Bit) (Version: 4.00.0)
WinX Free MP4 to WMV Converter 4.1.3 (x32)
World of Tanks v.0.7.1 (x32)
XP Codec Pack (x32)

==================== Restore Points =========================

21-06-2013 12:10:17 Geplanter Prüfpunkt
20-07-2013 12:34:51 Geplanter Prüfpunkt
20-07-2013 16:06:49 Removed Apple Application Support
20-07-2013 16:07:37 Removed Apple Software Update
20-07-2013 16:08:02 Removed Bonjour
20-07-2013 16:09:05 Removed iTunes
20-07-2013 16:12:02 Removed QuickTime
20-07-2013 16:22:08 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
20-07-2013 16:22:42 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
20-07-2013 16:23:22 Installed iTunes
21-07-2013 12:06:56 Geplanter Prüfpunkt
21-07-2013 19:49:57 Installed Free MKV to MP4 Converter
24-07-2013 09:46:12 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FAB4149-C18F-4330-8DB0-14FA898BB2FD} - System32\Tasks\EPUpdater => C:\Users\andy\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-05-09] ()
Task: {1407D4DE-8E14-45FC-9B72-87E1ADB83CB7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1ADF0A84-9505-405C-AF6E-85C18D440FFF} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23] (SEIKO EPSON CORPORATION)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {37819B81-B5B6-4DA8-8C61-22CFE4F665A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File
Task: {4E7BD2E8-BBC9-4AB5-AEE2-DE6057348886} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {5AD377E2-BAC0-4C22-B9A1-CD0808331AC6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-09-30] (Sun Microsystems, Inc.)
Task: {6C5F1E5E-DA7F-4D02-908D-132AE0B63619} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {8B743BA1-1E7F-4EC2-95C4-9BBEE1892D96} - System32\Tasks\DSite => C:\Users\andy\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File Task: {922531D1-EC78-477B-8E1E-3D87ECAEDF43} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {A10CCCD9-C249-43D9-ADFE-40C3791823B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {B937F521-5611-4ECF-AC58-C1FAFCDE78B0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {BCB5E6E2-48A5-42EE-92BD-668EBB00F6CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.) 
Task: {D0EDC67A-3F36-4AFB-B73E-6936137AFC1B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {DF71AB72-180F-4664-9D6C-2B78E1413FA1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe No File Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F40A7189-5D64-48E2-9696-4E5ED133B997} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe Task: C:\Windows\Tasks\DSite.job => ? Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 00:05:05 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 11:46:12 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Zugriff verweigert Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. 
Error: (07/24/2013 11:41:20 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 11:22:34 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. System errors: ============= Error: (07/24/2013 00:44:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:44:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:34:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:34:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:24:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:24:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:14:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:14:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:06:52 PM) (Source: Service Control Manager) (User: ) Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1058 Error: (07/24/2013 00:05:08 PM) (Source: Service Control Manager) (User: ) Description: ntiomin Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-07-23 13:25:30.280 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:30.186 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:30.077 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-23 13:25:29.983 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.890 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.796 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.531 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.422 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-23 13:25:29.328 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8190.32 MB Available physical RAM: 5745.76 MB Total Pagefile: 16577.63 MB Available Pagefile: 13766.39 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:458.46 GB) (Free:211.15 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:458.41 GB) (Free:410.1 GB) NTFS (Disk=0 Partition=3) Drive e: (My Disc) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 676C2876) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=458 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
24.07.2013, 11:56 | #4 |
| Virus Dirty Decrypt encryption trojan, I can't open any of my photos, please please help!!! FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013 Ran by andy (administrator) on 24-07-2013 12:44:27 Running from C:\Users\andy\Desktop\Neuer Ordner Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Tanuki Software, Ltd.) C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe (Ralink Technology, Corp.) C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Microsoft Corporation) C:\Windows\system32\locator.exe (Realtek Semiconductor Corp.) 
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Oracle Corporation) C:\Windows\SysWOW64\java.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Windows\RAVCpl64.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (Akamai Technologies, Inc.) C:\Users\andy\AppData\Local\Akamai\netsession_win.exe () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Edimax Technology Co.) C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Akamai Technologies, Inc.) 
C:\Users\andy\AppData\Local\Akamai\netsession_win.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - RAVCpl64.exe [x] HKLM\...\Run: [Skytel] - Skytel.exe [x] HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess? HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd) HKCU\...\Run: [HydraVisionMDEngine] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [569344 2010-11-18] (AMD) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\andy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [Epson Stylus Photo PX710W(Netzwerk)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SC574.tmp" /EF "HKCU" [x] HKCU\...\Run: [phonostar-PlayerTimer] - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2012-10-13] () HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-18] (AMD) HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106\n. ATTENTION! ====> ZeroAccess? 
MountPoints2: L - L:\LANLauncher.exe MountPoints2: {87924176-839d-11e0-8df8-00226838da8f} - F:\LaunchU3.exe -a HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-06-26] () HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. 
KG) HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation) HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer) HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer) HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk ShortcutTarget: Wireless Utility.lnk -> C:\Program Files (x86)\EDIMAX\Common\RaUI.exe (Edimax Technology Co.) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid=&mid=&lang=&ds=&pr=&d=&v=&sap=hp hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711 hxxp://global.acer.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0411&m=aspire_m5711
URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss_gin2g&mntrId=4406000E2EB7C6AB
SearchScopes: HKCU - {480895A8-4E1F-46BA-B874-676ECAEBF0AA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6C8252B8-767D-4525-9222-039C5FFDE6D0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=dbd9583e-4199-4dcf-8b1a-9ca10cad4d52&apn_sauid=7F56338C-2D7E-4469-9A40-138FC4BA9D34
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4504E953-4B99-4BD8-83B3-9C3BE5D7DC4F}&mid=193e01731d4f47d0ad83d16b2edc337c-9a17b43a29ba30b5145348a65b47eabb4e5f0f45&lang=de&ds=tt014&pr=sa&d=2012-11-10 13:47:33&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyFw6p1KD&i=26
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: MimalaAmazonToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default
FF user.js: detected! => C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\user.js
FF NewTab: hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=NT_ss&mntrId=4406000E2EB7C6AB
FF Homepage: hxxp://www.goggle.de/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar - C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Toolbar für amazon.de - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\0001.amztoolbar@minimalarts.de
FF Extension: Lyrics-Monkey - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\122
FF Extension: AVG Security Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\avg@toolbar
FF Extension: Babylon - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@delta.com
FF Extension: incredibar.com - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ffxtlbr@incredibar.com
FF Extension: Ashampoo DE Community Toolbar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: ciuvo-extension - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\qd2dfnji.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\andy\AppData\Roaming\5025
FF Extension: Java String Helper - C:\Users\andy\AppData\Roaming\5025

Chrome:
=======
CHR HomePage: "homepage": "",
CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=121562&tt=gc_&babsrc=HP_ss_gin2g&mntrId=4406000E2EB7C6AB", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=4406000E2EB7C6AB"
CHR Plugin: ( "name": "Remoting Viewer",) - "path": "internal-remoting-viewer",
CHR Plugin: ( "name": "Native Client",) - "path": "C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll", No File
CHR Plugin: ( "name": "Chrome PDF Viewer",) - "path": "C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll", No File
CHR Plugin: ( "name": "Shockwave Flash",) - "path": "C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll", No File
CHR Plugin: ( "name": "Shockwave Flash",) - "path": "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll", No File
CHR Plugin: ( "name": "Adobe Acrobat",) - "path": "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll", No File
CHR Plugin: ( "name": "Java Deployment Toolkit 6.0.260.3",) - "path": "C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll", No File
CHR Plugin: ( "name": "Java(TM) Platform SE 6 U26",) - "path": "C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll", No File
CHR Plugin: ( "name": "Microsoft® Windows Media Player Firefox Plugin",) - "path": "C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll", No File
CHR Plugin: ( "name": "DjVu Plugin Viewer",) - "path": "C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll", No File
CHR Plugin: ( "name": "2007 Microsoft Office system",) - "path": "C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll", No File
CHR Plugin: ( "name": "QuickTime Plug-in 7.6.9",) - "path": "C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll", No File
CHR Plugin: ( "name": "fluxDVD Browser Plugin",) - "path": "C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll", No File
CHR Plugin: ( "name": "Google Update",) - "path": "C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll", No File
CHR Plugin: ( "name": "Windows Live® Photo Gallery",) - "path": "C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll", No File
CHR Plugin: ( "name": "iTunes Application Detector",) - "path": "C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll", No File
CHR Plugin: ( "name": "Protect Disc License Acquisition Plugin",) - "path": "C:\Users\andy\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll", No File
CHR Plugin: ( "name": "Windows Presentation Foundation",) - "path": "c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll", No File
CHR Plugin: ( "name": "Default Plug-in",) - "path": "default_plugin", No File
CHR Extension: (TV) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0
CHR Extension: (YouTube) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Digital Clock) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0
CHR Extension: (avast! WebRep) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (SweetIM for Facebook) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0
CHR Extension: () - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19
CHR Extension: (Lyrics-Monkey) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.122
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0
CHR Extension: (Sprocket Rocket) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdichmkdadfihhbgllepglgbkonlehe\1.0_0
CHR Extension: (AVG Secure Search) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0
CHR Extension: (Gmail) - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx

==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG)
S3 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-01-24] (Dassault Systèmes)
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-10-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3889424 2011-08-01] (INCA Internet Co., Ltd.)
R2 PS3 Media Server; C:\Users\andy\Desktop\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
R2 RalinkRegistryWriter; C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe [69632 2008-05-12] (Ralink Technology, Corp.)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-26] (AVG Secure Search)
S4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-08-23] ()
S2 IBUpdaterService; %SystemRoot%\system32\dmwu.exe [x]
S2 WebOptimizer; %SystemRoot%\system32\dmwu.exe [x]

==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-05] (DT Soft Ltd)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R2 int15; C:\Windows\SysWOW64\drivers\int15_64.sys [17952 2008-09-30] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2008-07-22] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [55640 2006-09-18] (Realtek Semiconductor Corporation )
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows (R) Win 7 DDK provider)
R2 VBoxDrv; C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys [203864 2010-07-15] (Oracle Corporation)
S3 dump_wmimmc; \??\C:\AeriaGames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S1 ntiomin; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 11:24 - 2013-07-23 11:25 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:48 - 2013-07-23 12:09 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-21 13:00 - 2013-07-21 15:44 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 18:24 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-20 18:21 - 2013-07-24 12:03 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:34 - 2013-07-20 18:03 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:26 - 2013-07-24 12:44 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-20 12:07 - 2013-07-20 19:10 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 12:03 - 2013-07-23 12:11 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-20 12:03 - 2013-07-20 12:41 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:03 - 2013-07-20 12:40 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:03 - 2013-07-20 12:10 - 00000000 ____D C:\Users\andy\Desktop\Spiele
2013-07-16 19:54 - 2013-07-16 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp
2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338}

==================== One Month Modified Files and Folders =======
2013-07-24 12:44 - 2013-07-20 12:26 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner
2013-07-24 12:41 - 2013-07-24 12:41 - 00000955 _____ C:\Users\andy\Desktop\Continue Zip Opener Installation.lnk
2013-07-24 12:21 - 2012-07-01 20:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 12:11 - 2008-01-21 13:10 - 01452956 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 12:11 - 2008-01-21 13:09 - 00631120 _____ C:\Windows\system32\perfh007.dat
2013-07-24 12:11 - 2008-01-21 13:09 - 00127462 _____ C:\Windows\system32\perfc007.dat
2013-07-24 12:06 - 2012-07-02 16:34 - 00101414 _____ C:\Users\andy\Sti_Trace.log
2013-07-24 12:03 - 2013-07-20 18:24 - 00000000 ____D C:\Program Files\iPod(37)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files\Bonjour(36)
2013-07-24 12:03 - 2013-07-20 18:21 - 00000000 ____D C:\Program Files (x86)\Bonjour(17)
2013-07-24 12:03 - 2013-06-03 18:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-07-24 12:03 - 2012-02-19 19:13 - 00000000 ____D C:\Users\andy\Desktop\PS3 Media Server
2013-07-24 12:03 - 2012-01-08 18:30 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 12:03 - 2011-04-04 23:17 - 00000000 ____D C:\Users\andy
2013-07-24 12:03 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 12:03 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-24 12:02 - 2006-11-02 14:33 - 90439680 _____ C:\Windows\system32\config\software_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 45088768 _____ C:\Windows\system32\config\components_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 31457280 _____ C:\Windows\system32\config\system_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-07-24 12:02 - 2006-11-02 14:33 - 00020480 _____ C:\Windows\system32\config\security_previous
2013-07-24 11:54 - 2013-05-28 18:56 - 00000000 ____D C:\Users\andy\AppData\Roaming\Delta
2013-07-24 11:54 - 2013-03-11 20:47 - 00000000 ____D C:\Users\andy\AppData\Roaming\Kalenderchen
2013-07-24 11:54 - 2013-02-19 20:45 - 00000000 ____D C:\Users\andy\AppData\Local\iLivid
2013-07-24 11:54 - 2013-02-01 18:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-24 11:54 - 2013-02-01 18:03 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-24 11:54 - 2013-01-23 19:27 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSTATIK
2013-07-24 11:54 - 2012-12-30 18:49 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2013-07-24 11:54 - 2012-12-30 18:20 - 00000000 ____D C:\Users\andy\Documents\StarCraft II
2013-07-24 11:54 - 2012-07-21 13:08 - 00000000 ____D C:\Users\andy\AppData\Local\MicrosoftStore
2013-07-24 11:54 - 2012-07-01 20:44 - 00000000 ____D C:\Users\andy\AppData\Roaming\mp3DirectCut
2013-07-24 11:54 - 2012-05-14 22:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\ICQ Search
2013-07-24 11:54 - 2012-02-17 19:08 - 00000000 ____D C:\Users\andy\AppData\Roaming\DVDVideoSoft
2013-07-24 11:54 - 2012-01-30 00:15 - 00000000 ____D C:\Users\andy\AppData\Local\Akamai
2013-07-24 11:54 - 2012-01-08 18:31 - 00000000 ____D C:\Users\andy\AppData\Roaming\PhotoScape
2013-07-24 11:54 - 2011-11-10 23:02 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.EU
2013-07-24 11:54 - 2011-10-30 18:53 - 00000000 ____D C:\Users\andy\AppData\Roaming\gtk-2.0
2013-07-24 11:54 - 2011-10-30 18:39 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouWave_Android
2013-07-24 11:54 - 2011-09-08 22:20 - 00000000 ____D C:\Users\andy\AppData\Roaming\5025
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iTunes
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files\iPod
2013-07-24 11:54 - 2011-06-14 17:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-24 11:54 - 2011-06-14 17:48 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\ProgramData\Apple
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files\Bonjour
2013-07-24 11:54 - 2011-06-14 17:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-24 11:54 - 2011-06-14 15:03 - 00000000 ____D C:\AutoCAD Plant 3D 2011 Content
2013-07-24 11:54 - 2011-06-13 10:46 - 00000000 ____D C:\AiO-Files
2013-07-24 11:54 - 2011-05-26 22:38 - 00000000 ____D C:\Users\andy\AppData\Local\Microsoft Help
2013-07-24 11:54 - 2011-05-23 17:31 - 00000000 ____D C:\Users\andy\AppData\Local\PokerStars.NET
2013-07-24 11:54 - 2011-04-23 23:26 - 00000000 ____D C:\Users\andy\AppData\Roaming\ProtectDISC
2013-07-24 11:54 - 2011-04-21 07:24 - 00000000 ____D C:\Users\andy\AppData\Roaming\dvdcss
2013-07-24 11:54 - 2011-04-20 20:38 - 00000000 ____D C:\Users\andy\AppData\Roaming\vlc
2013-07-24 11:54 - 2011-04-08 15:22 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-24 11:54 - 2011-04-05 20:59 - 00000000 ____D C:\Users\andy\AppData\Roaming\Gutscheinmieze
2013-07-24 11:54 - 2011-04-05 19:25 - 00000000 ____D C:\Users\andy\Documents\UseNeXT
2013-07-24 11:54 - 2011-04-04 23:21 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-24 11:54 - 2011-04-04 23:17 - 00000000 ___RD C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-24 11:54 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\spool
2013-07-24 11:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\registration
2013-07-24 11:41 - 2011-04-04 23:08 - 01509939 _____ C:\Windows\WindowsUpdate.log
2013-07-24 11:22 - 2011-09-28 13:02 - 00001356 _____ C:\Users\andy\AppData\Local\d3d9caps.dat
2013-07-24 11:10 - 2008-01-21 05:26 - 07011402 _____ C:\Windows\PFRO.log
2013-07-24 11:01 - 2013-07-24 11:01 - 00000000 ____D C:\FRST
2013-07-23 12:11 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Filme
2013-07-23 12:09 - 2013-07-21 21:48 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-07-23 11:57 - 2013-02-16 14:03 - 00000000 ____D C:\Users\andy\AppData\Roaming\UseNeXT
2013-07-23 11:37 - 2009-01-23 12:39 - 00000000 ____D C:\Program Files (x86)\Acer Arcade Live
2013-07-23 11:25 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\Dirty
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\YVwAvuyo
2013-07-23 11:24 - 2013-07-23 11:24 - 00000000 ____D C:\Users\andy\AppData\Local\QOzRNmaj
2013-07-23 11:24 - 2012-07-30 08:49 - 00000000 ____D C:\Users\andy\AppData\Local\{34E010AB-4EBA-4C22-80AA-8510855D73D4}
2013-07-21 21:51 - 2013-07-21 21:51 - 00000000 ____D C:\Users\andy\AppData\Roaming\FSC
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-21 21:49 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-07-21 15:44 - 2013-07-21 13:00 - 00000000 ____D C:\Users\andy\Desktop\Neuer Ordner (2)
2013-07-20 19:10 - 2013-07-20 12:07 - 00000000 ____D C:\Users\andy\Desktop\Spartacus
2013-07-20 19:10 - 2011-08-18 21:22 - 00025473 _____ C:\Windows\setupact.log
2013-07-20 18:24 - 2013-07-20 18:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-20 18:23 - 2013-07-20 18:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update(0)
2013-07-20 18:03 - 2013-07-20 13:34 - 00000000 ____D C:\ProgramData\WindSolutions
2013-07-20 14:03 - 2012-01-08 18:30 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 13:35 - 2013-07-20 13:35 - 00000000 ____D C:\Users\andy\AppData\Roaming\WindSolutions
2013-07-20 13:33 - 2013-07-20 13:33 - 08249273 ____R C:\Users\andy\Desktop\CopyTransManagerDEv0.992.zip
2013-07-20 13:21 - 2012-10-18 16:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-20 13:20 - 2013-07-20 13:20 - 00000952 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-20 13:07 - 2012-07-19 15:16 - 00000000 ____D C:\Users\andy\Desktop\Fotos
2013-07-20 12:44 - 2012-02-22 16:34 - 00000186 _____ C:\Users\andy\AppData\Roaming\wklnhst.dat
2013-07-20 12:41 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Musik
2013-07-20 12:40 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Programme
2013-07-20 12:27 - 2013-07-20 12:27 - 00001700 _____ C:\Users\andy\Desktop\UseNeXT by Tangysoft.lnk
2013-07-20 12:27 - 2013-02-16 14:03 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2013-07-20 12:17 - 2006-11-02 17:42 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-20
12:10 - 2013-07-20 12:03 - 00000000 ____D C:\Users\andy\Desktop\Spiele 2013-07-17 12:55 - 2012-04-26 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-16 21:55 - 2013-07-16 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-16 21:53 - 2012-11-17 23:59 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU 2013-07-16 16:02 - 2012-08-06 16:02 - 00000250 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job 2013-07-16 15:58 - 2012-01-08 18:30 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 15:58 - 2012-01-08 18:30 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-10 21:33 - 2013-07-10 21:33 - 00262144 _____ C:\Windows\Minidump\Mini071013-01.dmp 2013-07-10 21:33 - 2013-02-20 19:47 - 00000000 ____D C:\Windows\Minidump 2013-07-10 21:32 - 2013-02-20 19:47 - 652037851 _____ C:\Windows\MEMORY.DMP 2013-06-26 21:40 - 2013-06-26 21:40 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-06-26 21:40 - 2012-11-20 19:39 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-06-26 21:40 - 2012-11-19 18:14 - 00000000 ____D C:\ProgramData\AVG Secure Search 2013-06-26 21:40 - 2012-11-10 14:47 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-06-25 20:26 - 2013-06-18 21:15 - 00000000 ____D C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013-06-25 20:21 - 2013-06-25 20:21 - 00000000 ____D C:\Users\andy\AppData\Local\{BA8BAA2F-142E-4166-85C0-6D80F8DA2338} ZeroAccess: C:\Windows\assembly\tmp C:\Windows\assembly\tmp\U C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3218207204-1069015776-1838312663-1000\$e208ff6f672c650c04e7a8e5c9943106 ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$e208ff6f672c650c04e7a8e5c9943106 ZeroAccess: 
C:\Users\andy\AppData\Local\649deb8e
C:\Users\andy\AppData\Local\649deb8e\@
C:\Users\andy\AppData\Local\649deb8e\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-24 12:25

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2013 Ran by andy at 2013-07-24 12:44:59 Running from C:\Users\andy\Desktop\Neuer Ordner Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acer eDataSecurity Management (x32 Version: 3.0.3065) Acer Empowering Technology (x32 Version: 3.0.3011) Acer Product Registration (x32 Version: 3.0.0.10) Acer ScreenSaver (x32 Version: 4.01.0718) Activision(R) (x32 Version: 1.00.0000) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Akamai NetSession Interface (HKCU) AMD APP SDK Runtime (Version: 10.0.1084.4) AMD Catalyst Install Manager (Version: 8.0.903.0) Apple Application Support (x32 Version: 2.3) Apple Software Update (x32 Version: 2.1.3.127) Ashampoo 3D CAD Professional 3 (x32 Version: 3.0.2) ATI AVIVO64 Codecs (Version: 11.6.0.51118) ATI Catalyst Registration (x32 Version: 3.00.0000) ATI Problem Report Wizard (Version: 3.0.800.0) AutoCAD Plant 3D 2011 Language Pack - Deutsch (Version: 2.0.37.00) AVG Security Toolbar (x32 Version: 15.3.0.11) Avira Free Antivirus (x32 Version: 13.0.0.3737) Bing Bar (x32 Version: 6.3.2348.0) Bing Bar Platform (x32 Version: 6.3.2348.0) Bonjour (Version: 2.0.5.0) C:\Program Files (x86)\Acer GameZone\GameConsole (x32 Version: 2.0.1.4) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485) Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485) CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485) CCC Help Chinese 
Traditional (x32 Version: 2012.1219.1520.27485) CCC Help Czech (x32 Version: 2012.0214.2217.39913) CCC Help Czech (x32 Version: 2012.1219.1520.27485) CCC Help Danish (x32 Version: 2012.0214.2217.39913) CCC Help Danish (x32 Version: 2012.1219.1520.27485) CCC Help Dutch (x32 Version: 2012.1219.1520.27485) CCC Help English (x32 Version: 2012.0214.2217.39913) CCC Help English (x32 Version: 2012.1219.1520.27485) CCC Help Finnish (x32 Version: 2012.0214.2217.39913) CCC Help Finnish (x32 Version: 2012.1219.1520.27485) CCC Help French (x32 Version: 2012.0214.2217.39913) CCC Help French (x32 Version: 2012.1219.1520.27485) CCC Help German (x32 Version: 2012.0214.2217.39913) CCC Help German (x32 Version: 2012.1219.1520.27485) CCC Help Greek (x32 Version: 2012.0214.2217.39913) CCC Help Greek (x32 Version: 2012.1219.1520.27485) CCC Help Hungarian (x32 Version: 2012.0214.2217.39913) CCC Help Hungarian (x32 Version: 2012.1219.1520.27485) CCC Help Italian (x32 Version: 2012.0214.2217.39913) CCC Help Italian (x32 Version: 2012.1219.1520.27485) CCC Help Japanese (x32 Version: 2012.0214.2217.39913) CCC Help Japanese (x32 Version: 2012.1219.1520.27485) CCC Help Korean (x32 Version: 2012.0214.2217.39913) CCC Help Korean (x32 Version: 2012.1219.1520.27485) CCC Help Norwegian (x32 Version: 2012.1219.1520.27485) CCC Help Polish (x32 Version: 2012.1219.1520.27485) CCC Help Portuguese (x32 Version: 2012.1219.1520.27485) CCC Help Russian (x32 Version: 2012.1219.1520.27485) CCC Help Spanish (x32 Version: 2012.0214.2217.39913) CCC Help Spanish (x32 Version: 2012.1219.1520.27485) CCC Help Swedish (x32 Version: 2012.1219.1520.27485) CCC Help Thai (x32 Version: 2012.1219.1520.27485) CCC Help Turkish (x32 Version: 2012.1219.1520.27485) ccc-utility64 (Version: 2012.0214.2218.39913) ccc-utility64 (Version: 2012.1219.1521.27485) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools 
Lite (x32 Version: 4.40.2.0131) DAEMON Tools Toolbar (x32 Version: 1.1.4.0024) DATA BECKER BewerbungsGenie 7 (x32 Version: 6.0.10.49) Delta toolbar (x32 Version: 1.8.21.5) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) Dishonored German (c) Bethesda version 1 (x32 Version: 1) Document Express DjVu Plug-in (x32 Version: 6.1.27549) Dolby Control Center (Version: 1.1.0601) dolp_demo (x32 Version: 1.0.0.0) DraftSight (x32 Version: 8.4.274) Dual-Core Optimizer (x32 Version: 1.1.4.0169) EDIMAX Edimax Wireless LAN (x32 Version: 1.0.3.0) Epson Easy Photo Print 2 (x32 Version: 2.3.2.0) Epson Event Manager (x32 Version: 2.30.00) Epson Print CD (x32 Version: 2.00.00) Epson Printer Software Downloader (x32 Version: 2.0.0) Epson Printer Software Downloader (x32) EPSON Scan (x32) Epson Stylus Photo PX710W_PX810FW_TX710W_TX810FW Handbuch (x32) EpsonNet Print (x32 Version: 2.4i) EpsonNet Setup (x32 Version: 3.1a) eSobi v2 (x32 Version: 2.0.3.000201) FINAL FANTASY VII (x32 Version: 1.0) FluidSIM 4.2n Pneumatik Demoversion (x32) FoxTab Media Player (HKCU) Free MP4 Video Converter version 5.0.24.430 (x32 Version: 5.0.24.430) Free-Jahreskalender 2013 (x32 Version: 9.00.2013) Geeks3D.com FurMark 1.9.0 (x32) Goldfieber III - Der Schatz des Schwarzen Ordens SA - Deutsch 1.0 (x32 Version: 1.0) Google Chrome (x32 Version: 28.0.1500.72) Google Earth Plug-in (x32 Version: 7.0.3.8542) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Update Helper (x32 Version: 1.3.21.153) HydraVision (x32 Version: 4.2.184.0) IB Updater Service (Version: 3.0.5.4) Ice Age 3 Die Dinosaurier sind los(TM) (x32 Version: 1.00.0000) iLivid (x32 Version: 4.0.0.2466) Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004) iTunes (Version: 10.3.1.55) Java Auto Updater (x32 Version: 2.1.5.3) Java(TM) 6 Update 26 (x32 Version: 6.0.260) Java(TM) 7 Update 2 (x32 Version: 7.0.20) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kalenderchen 5 (x32) LEGO® Star Wars™: 
Die Komplette Saga (x32 Version: 1.00.0000) LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000) MAGIX Screenshare (x32 Version: 4.3.6.1987) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Messenger Companion (x32 Version: 15.4.3502.0922) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0) Microsoft Default Manager (x32 Version: 2.2.114.0) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access database engine 2007 (English) (x32 Version: 12.0.6612.1000) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office 
Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0) Microsoft Silverlight (x32 Version: 4.1.10329.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 08.05.0822) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) minimal arts - Toolbar für amazon.de (x32 Version: 1.0.0) Mozilla 
Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) NTI Backup Now 5 (x32 Version: 5.1.2.616) NTI Backup Now Standard (x32 Version: 5.1.2.616) NTI Media Maker 8 (x32 Version: 8.0.2.6509) NVIDIA Drivers NVIDIA PhysX (x32 Version: 9.09.1112) ON PX710W Series Printer Uninstall PassportPhoto (remove) (HKCU) phonostar-Player Version 3.02.7 (x32) PokerStars.eu (x32) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) PS3 Media Server (x32 Version: 1.52.1) QuickTime (x32 Version: 7.73.80.64) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5704) REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0175) Rockstar Games Social Club (x32 Version: 1.0.9.5) Screenshot Captor 2.88.01 (x32) Segoe UI (x32 Version: 15.4.2271.0615) StarCraft II (x32 Version: 2.0.8.25604) Streamripper (Remove only) (x32) Sweet Home 3D version 4.0 (x32) SweetIM for Messenger 3.7 (x32 Version: 3.7.0007) SweetPacks bundle uninstaller (x32 Version: 1.0.0000) The Lord of the Rings FREE Trial (x32 Version: 1.00.0000) The War Z version 1.0 (x32 Version: 1.0) Trojan Killer (x32 Version: 2.1.5.4) Uniblue RegistryBooster 2010 (x32) Unity Web Player (HKCU Version: ) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET 
Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008) UseNeXT by Tangysoft (x32) Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 0.9.9 (x32 Version: 0.9.9) Web Assistant 2.0.0.478 (Version: 2.0.0.478) WhiteCap (x32 Version: 5.7.1) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live 
Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Sync (x32 Version: 14.0.8050.1202) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) WinFunktion Mathematik plus 19 (x32 Version: 1.00.0000) WinRAR 4.00 (64-Bit) (Version: 4.00.0) WinX Free MP4 to WMV Converter 4.1.3 (x32) World of Tanks v.0.7.1 (x32) XP Codec Pack (x32) ==================== Restore Points ========================= 21-06-2013 12:10:17 Geplanter Prüfpunkt 20-07-2013 12:34:51 Geplanter Prüfpunkt 20-07-2013 16:06:49 Removed Apple Application Support 20-07-2013 16:07:37 Removed Apple Software Update 20-07-2013 16:08:02 Removed Bonjour 20-07-2013 16:09:05 Removed iTunes 20-07-2013 16:12:02 Removed QuickTime 20-07-2013 16:22:08 Gerätetreiber-Paketinstallation: Apple, Inc. 
USB-Controller
20-07-2013 16:22:42 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
20-07-2013 16:23:22 Installed iTunes
21-07-2013 12:06:56 Geplanter Prüfpunkt
21-07-2013 19:49:57 Installed Free MKV to MP4 Converter
24-07-2013 09:46:12 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FAB4149-C18F-4330-8DB0-14FA898BB2FD} - System32\Tasks\EPUpdater => C:\Users\andy\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-05-09] ()
Task: {1407D4DE-8E14-45FC-9B72-87E1ADB83CB7} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1ADF0A84-9505-405C-AF6E-85C18D440FFF} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23] (SEIKO EPSON CORPORATION)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {37819B81-B5B6-4DA8-8C61-22CFE4F665A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File
Task: {4E7BD2E8-BBC9-4AB5-AEE2-DE6057348886} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {5AD377E2-BAC0-4C22-B9A1-CD0808331AC6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-09-30] (Sun Microsystems, Inc.)
Task: {6C5F1E5E-DA7F-4D02-908D-132AE0B63619} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B743BA1-1E7F-4EC2-95C4-9BBEE1892D96} - System32\Tasks\DSite => C:\Users\andy\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {922531D1-EC78-477B-8E1E-3D87ECAEDF43} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {A10CCCD9-C249-43D9-ADFE-40C3791823B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B937F521-5611-4ECF-AC58-C1FAFCDE78B0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {BCB5E6E2-48A5-42EE-92BD-668EBB00F6CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.)
Task: {D0EDC67A-3F36-4AFB-B73E-6936137AFC1B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DF71AB72-180F-4664-9D6C-2B78E1413FA1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe No File
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F40A7189-5D64-48E2-9696-4E5ED133B997} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{1BEE157C-8355-4D7B-B940-5B5F742ACEEE}.exe
Task: C:\Windows\Tasks\DSite.job => ?
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (07/24/2013 00:08:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 00:05:05 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 11:46:12 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Zugriff verweigert Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 11:43:02 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. 
Error: (07/24/2013 11:41:20 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 11:22:34 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error: (07/24/2013 11:13:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. System errors: ============= Error: (07/24/2013 00:44:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:44:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:34:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:34:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:24:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:24:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:14:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:14:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/24/2013 00:06:52 PM) (Source: Service Control Manager) (User: ) Description: PnP-X-IP-BusauflistungFunktionssuchanbieter-Host%%1058 Error: (07/24/2013 00:05:08 PM) (Source: Service Control Manager) (User: ) Description: ntiomin Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-07-23 13:25:30.280 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:30.186 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:30.077 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-23 13:25:29.983 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.890 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.796 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.531 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-23 13:25:29.422 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-23 13:25:29.328 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 8190.32 MB
Available physical RAM: 5745.76 MB
Total Pagefile: 16577.63 MB
Available Pagefile: 13766.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:458.46 GB) (Free:211.15 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:458.41 GB) (Free:410.1 GB) NTFS (Disk=0 Partition=3)
Drive e: (My Disc) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 676C2876)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=458 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458 GB) - (Type=07 NTFS)
==================== End Of Log ============================
What do I have to do now? |
24.07.2013, 12:02 | #5 |
/// the machine /// TB trainer | Your computer is pretty badly infected. We can clean it up. But all the photos and other things that have been encrypted are gone. No chance of decrypting them.
__________________ Regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
24.07.2013, 12:28 | #6 |
| And now.... I need the photos! Is there really nothing more that can be done? |
24.07.2013, 14:39 | #7 |
/// the machine /// TB trainer | No. The decryption codes for this are stored on the malware authors' online servers. But those are offline, so there is no chance of getting at them. You can save them somewhere. Maybe you will get lucky: at some point a new wave of infections comes along and someone catches a dropper that links to a server that is still valid, and then it may be possible to get at the code. The only thing we can do here is clean the computer.