| |
| |||||||
Log-Analyse und Auswertung: IE öffnet Werbung ständiges hängen des pcsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.01.2011, 00:06
| #1 |
| |  IE öffnet Werbung ständiges hängen des pcs ja problem steht ja schon oben mein internetexplorer öffnet immer von alleine werbungs-seiten obwohl ich mit mozilla surfe und mein pc hängt seit dem des öfteren (äußert sich so das die maus sich ruckartig bewegt und man deshalb nix mehr machen kann), gestern hab ich dann mal wieder need for speed fespielt und dann hat sich das immer wieder minimiert obwohl nix war (normal machts das nur wenn i-win java update war oder so was hald) hab antivir schon scannen lassen, ccleaner gemacht, defragmentiert aber bringt alles nix hier mal von hijack HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:47:07, on 20.01.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\PLFSetI.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\BitTorrent\BitTorrent.exe C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Video Web Camera\traybar.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Georg\Downloads\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15446&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" O4 - HKCU\..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.1\ICQ.exe" silent loginmode=4 O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13264 bytes Malware: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5557 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21.01.2011 00:05:49 mbam-log-2011-01-21 (00-05-49).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 160323 Laufzeit: 10 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. |
|
21.01.2011, 01:06
| #2 |
| /// Malwareteam   |  IE öffnet Werbung ständiges hängen des pcs Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
|
|
21.01.2011, 12:06
| #3 |
| | IE öffnet Werbung ständiges hängen des pcs OTL.txt:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 21.01.2011 11:56:32 - Run 1 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Georg\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,27 Gb Total Space | 130,50 Gb Free Space | 45,59% Space Free | Partition Type: NTFS Drive D: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe PRC - [2011.01.20 12:16:00 | 000,862,448 | ---- | M] (Intenium) -- C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe PRC - [2010.12.08 16:43:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.07 12:17:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.07 12:17:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.08.14 19:32:09 | 002,550,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe PRC - [2010.06.29 05:00:16 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.15 09:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.03.03 08:46:04 | 002,631,640 | ---- | M] () -- C:\Program Files (x86)\Metin2\metin2.bin PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.12.03 14:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe PRC - [2009.11.21 00:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009.11.02 00:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.10.30 02:06:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe PRC - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.08.20 17:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2009.08.20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2007.08.01 14:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe PRC - [2007.02.14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe ========== Modules (SafeList) ========== MOD - [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.30 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.01.13 15:32:58 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.08 16:43:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.07 12:17:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.12.23 17:39:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.29 01:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 14:09:57 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.07.01 20:04:51 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.06.10 00:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2009.09.21 20:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.08.11 21:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.07.30 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.24 11:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.05.05 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.04.28 18:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.04.28 18:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV:64bit: - [2008.05.27 10:41:40 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV:64bit: - [2008.05.27 10:41:40 | 000,137,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.05.27 10:41:38 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.05.27 10:41:38 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.27 10:41:38 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV:64bit: - [2008.05.27 10:41:38 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.05.27 10:41:32 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2006.07.10 17:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2009.09.02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15446&l=dis IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {da684c80-6ad7-4a95-80ec-959e8ab082fd}:1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=de_DE&apn_uid=1BD7261F-7899-4EFD-9FFD-169874EBF810&apn_ptnrs=GX&apn_sauid=D45257C8-0BD8-454C-8705-B7A0E77AD4AC&apn_dtid=YYYYYYB8DE&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.04 09:32:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.04 09:32:50 | 000,000,000 | ---D | M] [2010.03.01 20:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions [2011.01.20 12:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions [2010.04.19 11:31:51 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.06.07 16:14:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.10.29 18:07:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.28 14:44:33 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.08.22 11:36:51 | 000,000,000 | ---D | M] ("Auto Replay for YouTube") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{da684c80-6ad7-4a95-80ec-959e8ab082fd} [2010.03.13 20:19:14 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\sparweltgutscheinewl@sparwelt.de [2010.10.17 03:46:58 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\toolbar@ask.com [2011.01.20 14:35:56 | 000,002,395 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\askcom.xml [2010.01.21 16:17:44 | 000,000,917 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\conduit.xml [2011.01.16 13:42:49 | 000,000,947 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\icqplugin.xml [2010.06.07 16:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.07 16:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.07 16:13:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.14 21:08:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.14 21:08:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.14 21:08:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.14 21:08:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.14 21:08:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.09 01:03:54 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ] O32 - AutoRun File - [2007.06.28 18:48:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ] O32 - AutoRun File - [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2005.11.01 05:43:36 | 000,000,160 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ] O33 - MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.21 11:54:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2011.01.21 11:38:36 | 000,000,000 | R--D | C] -- C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2011.01.20 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\Malwarebytes [2011.01.20 00:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.20 00:27:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.20 00:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.20 00:27:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.20 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.19 23:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2011.01.19 23:58:35 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2011.01.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.01.19 23:53:46 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.01.14 22:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algebrator [2011.01.14 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Algebrator [2011.01.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\algebrator4.1 [2011.01.14 18:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Metin2_beta [2011.01.09 14:01:35 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\NFS Carbon [2011.01.09 13:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.01.09 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2011.01.09 01:23:04 | 000,000,000 | ---D | C] -- C:\CARBON [2011.01.09 01:04:46 | 000,000,000 | ---D | C] -- C:\NFSC [2011.01.04 19:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.01.02 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\NFS Most Wanted [2011.01.02 02:47:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\NFSMW ========== Files - Modified Within 30 Days ========== [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2011.01.21 11:50:49 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.21 11:50:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.21 11:50:49 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.21 11:50:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.21 11:50:48 | 001,514,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.21 11:45:12 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 11:45:12 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 11:36:40 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.21 11:35:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.21 11:35:41 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys [2011.01.21 00:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.21 00:02:42 | 000,017,244 | ---- | M] () -- C:\Users\Georg\Desktop\gaa.jpg [2011.01.20 20:07:59 | 000,137,886 | ---- | M] () -- C:\Users\Georg\Desktop\GA.png [2011.01.20 20:03:21 | 105,293,434 | ---- | M] () -- C:\Users\Georg\Documents\clip0072.avi [2011.01.20 19:59:42 | 000,012,524 | ---- | M] () -- C:\Users\Georg\Documents\clip0071.avi [2011.01.20 19:58:25 | 000,010,946 | ---- | M] () -- C:\Users\Georg\Documents\clip0070.avi [2011.01.20 19:58:14 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0069.avi [2011.01.20 00:39:14 | 004,184,518 | ---- | M] () -- C:\Users\Georg\Desktop\Torture_images.gif [2011.01.20 00:27:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 23:58:37 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.01.19 23:53:50 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.19 22:48:13 | 000,222,208 | ---- | M] () -- C:\Windows\Jxarab.exe [2011.01.17 21:21:22 | 000,011,170 | ---- | M] () -- C:\Users\Georg\Documents\clip0068.avi [2011.01.17 21:21:13 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0067.avi [2011.01.17 21:09:19 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0066.avi [2011.01.16 13:00:23 | 056,522,194 | ---- | M] () -- C:\Users\Georg\Documents\clip0065.avi [2011.01.15 18:40:44 | 000,001,216 | ---- | M] () -- C:\Users\Georg\Desktop\dragon_armor_by_ice_fire - Verknüpfung.lnk [2011.01.15 10:18:52 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.15 00:13:42 | 000,001,394 | ---- | M] () -- C:\Users\Georg\Desktop\Metin2.lnk [2011.01.14 22:31:38 | 000,000,979 | ---- | M] () -- C:\Users\Georg\Desktop\Algebrator.lnk [2011.01.14 14:11:28 | 048,413,094 | ---- | M] () -- C:\Users\Georg\Documents\clip0064.avi [2011.01.13 22:29:17 | 000,084,419 | ---- | M] () -- C:\Users\Georg\Desktop\eharmony-honesty-fail.jpg [2011.01.13 16:19:34 | 046,658,878 | ---- | M] () -- C:\Users\Georg\Documents\clip0063.avi [2011.01.11 21:44:19 | 056,429,090 | ---- | M] () -- C:\Users\Georg\Documents\clip0062.avi [2011.01.11 21:43:31 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0061.avi [2011.01.11 19:11:19 | 018,583,822 | ---- | M] () -- C:\Users\Georg\Documents\clip0060.avi [2011.01.11 19:10:12 | 174,350,876 | ---- | M] () -- C:\Users\Georg\Documents\clip0059.avi [2011.01.10 18:58:48 | 387,156,962 | ---- | M] () -- C:\Users\Georg\Documents\clip0058.avi [2011.01.10 18:55:11 | 008,608,664 | ---- | M] () -- C:\Users\Georg\Documents\clip0057.avi [2011.01.09 19:33:18 | 043,004,460 | ---- | M] () -- C:\Users\Georg\Documents\clip0056.avi [2011.01.09 13:52:37 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Carbon.lnk [2011.01.07 14:32:30 | 100,663,296 | ---- | M] () -- C:\Users\Georg\Documents\clip0055.avi [2011.01.07 14:31:34 | 000,780,000 | ---- | M] () -- C:\Users\Georg\Documents\clip0055.avi.bak [2011.01.05 17:35:10 | 057,236,040 | ---- | M] () -- C:\Users\Georg\Documents\clip0054.avi [2011.01.04 19:55:55 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.01.04 09:41:28 | 117,569,600 | ---- | M] () -- C:\Users\Georg\Documents\clip0053.avi [2011.01.03 19:14:35 | 083,078,582 | ---- | M] () -- C:\Users\Georg\Documents\clip0052.avi [2011.01.03 01:32:17 | 049,396,556 | ---- | M] () -- C:\Users\Georg\Documents\clip0051.avi [2011.01.02 02:58:51 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2011.01.01 18:05:48 | 104,857,600 | ---- | M] () -- C:\Users\Georg\Desktop\nfsmwmu.part09.rar [2011.01.01 16:33:03 | 000,010,955 | ---- | M] () -- C:\Users\Georg\Documents\Seelis.ods [2011.01.01 12:29:05 | 064,390,682 | ---- | M] () -- C:\Users\Georg\Documents\clip0050.avi [2010.12.31 19:19:06 | 000,001,941 | ---- | M] () -- C:\Users\Georg\Desktop\speed2 - Verknüpfung.lnk [2010.12.31 13:05:55 | 064,612,846 | ---- | M] () -- C:\Users\Georg\Documents\clip0049.avi [2010.12.31 13:05:12 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0048.avi [2010.12.31 13:04:49 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0047.avi [2010.12.31 13:04:28 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0046.avi [2010.12.30 10:54:43 | 090,961,592 | ---- | M] () -- C:\Users\Georg\Documents\clip0045.avi [2010.12.30 10:54:16 | 016,221,034 | ---- | M] () -- C:\Users\Georg\Documents\clip0044.avi [2010.12.29 15:37:04 | 052,327,430 | ---- | M] () -- C:\Users\Georg\Documents\clip0043.avi [2010.12.26 08:36:37 | 034,121,464 | ---- | M] () -- C:\Users\Georg\Documents\clip0042.avi [2010.12.24 23:15:03 | 104,336,596 | ---- | M] () -- C:\Users\Georg\Documents\clip0041.avi [2010.12.24 17:12:30 | 076,514,012 | ---- | M] () -- C:\Users\Georg\Documents\clip0040.avi [2010.12.24 09:01:52 | 045,140,486 | ---- | M] () -- C:\Users\Georg\Documents\clip0039.avi [2010.12.22 19:40:07 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0038.avi ========== Files Created - No Company Name ========== [2011.01.21 00:02:42 | 000,017,244 | ---- | C] () -- C:\Users\Georg\Desktop\gaa.jpg [2011.01.20 20:07:59 | 000,137,886 | ---- | C] () -- C:\Users\Georg\Desktop\GA.png [2011.01.20 20:00:12 | 105,293,434 | ---- | C] () -- C:\Users\Georg\Documents\clip0072.avi [2011.01.20 19:59:37 | 000,012,524 | ---- | C] () -- C:\Users\Georg\Documents\clip0071.avi [2011.01.20 19:58:21 | 000,010,946 | ---- | C] () -- C:\Users\Georg\Documents\clip0070.avi [2011.01.20 19:58:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0069.avi [2011.01.20 00:39:06 | 004,184,518 | ---- | C] () -- C:\Users\Georg\Desktop\Torture_images.gif [2011.01.20 00:27:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 23:58:37 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.01.19 23:53:50 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.19 23:36:25 | 000,222,208 | ---- | C] () -- C:\Windows\Jxarab.exe [2011.01.17 21:21:18 | 000,011,170 | ---- | C] () -- C:\Users\Georg\Documents\clip0068.avi [2011.01.17 21:21:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0067.avi [2011.01.17 21:09:14 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0066.avi [2011.01.16 13:00:07 | 056,522,194 | ---- | C] () -- C:\Users\Georg\Documents\clip0065.avi [2011.01.15 18:40:44 | 000,001,216 | ---- | C] () -- C:\Users\Georg\Desktop\dragon_armor_by_ice_fire - Verknüpfung.lnk [2011.01.15 00:13:42 | 000,001,394 | ---- | C] () -- C:\Users\Georg\Desktop\Metin2.lnk [2011.01.14 22:31:38 | 000,000,979 | ---- | C] () -- C:\Users\Georg\Desktop\Algebrator.lnk [2011.01.14 14:11:13 | 048,413,094 | ---- | C] () -- C:\Users\Georg\Documents\clip0064.avi [2011.01.13 22:29:17 | 000,084,419 | ---- | C] () -- C:\Users\Georg\Desktop\eharmony-honesty-fail.jpg [2011.01.13 16:19:19 | 046,658,878 | ---- | C] () -- C:\Users\Georg\Documents\clip0063.avi [2011.01.11 21:44:00 | 056,429,090 | ---- | C] () -- C:\Users\Georg\Documents\clip0062.avi [2011.01.11 21:43:29 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0061.avi [2011.01.11 19:11:11 | 018,583,822 | ---- | C] () -- C:\Users\Georg\Documents\clip0060.avi [2011.01.11 19:08:38 | 174,350,876 | ---- | C] () -- C:\Users\Georg\Documents\clip0059.avi [2011.01.10 18:55:14 | 387,156,962 | ---- | C] () -- C:\Users\Georg\Documents\clip0058.avi [2011.01.10 18:55:08 | 008,608,664 | ---- | C] () -- C:\Users\Georg\Documents\clip0057.avi [2011.01.09 19:33:04 | 043,004,460 | ---- | C] () -- C:\Users\Georg\Documents\clip0056.avi [2011.01.09 13:52:37 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Carbon.lnk [2011.01.09 13:38:49 | 000,011,049 | ---- | C] () -- C:\Users\Georg\Desktop\FFF.NFO [2011.01.09 13:38:49 | 000,000,382 | ---- | C] () -- C:\Users\Georg\Desktop\file_id.diz [2011.01.09 13:34:26 | 008,904,704 | ---- | C] () -- C:\Users\Georg\Desktop\nfsc.exe [2011.01.07 14:31:34 | 100,663,296 | ---- | C] () -- C:\Users\Georg\Documents\clip0055.avi [2011.01.07 14:31:34 | 000,780,000 | ---- | C] () -- C:\Users\Georg\Documents\clip0055.avi.bak [2011.01.05 17:34:39 | 057,236,040 | ---- | C] () -- C:\Users\Georg\Documents\clip0054.avi [2011.01.04 19:56:33 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.04 19:55:55 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.01.04 09:40:56 | 117,569,600 | ---- | C] () -- C:\Users\Georg\Documents\clip0053.avi [2011.01.03 19:14:11 | 083,078,582 | ---- | C] () -- C:\Users\Georg\Documents\clip0052.avi [2011.01.03 01:31:57 | 049,396,556 | ---- | C] () -- C:\Users\Georg\Documents\clip0051.avi [2011.01.02 02:58:51 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2011.01.01 18:00:05 | 104,857,600 | ---- | C] () -- C:\Users\Georg\Desktop\nfsmwmu.part09.rar [2011.01.01 12:28:38 | 064,390,682 | ---- | C] () -- C:\Users\Georg\Documents\clip0050.avi [2010.12.31 19:19:06 | 000,001,941 | ---- | C] () -- C:\Users\Georg\Desktop\speed2 - Verknüpfung.lnk [2010.12.31 13:05:36 | 064,612,846 | ---- | C] () -- C:\Users\Georg\Documents\clip0049.avi [2010.12.31 13:05:03 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0048.avi [2010.12.31 13:04:44 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0047.avi [2010.12.31 13:04:20 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0046.avi [2010.12.30 10:54:17 | 090,961,592 | ---- | C] () -- C:\Users\Georg\Documents\clip0045.avi [2010.12.30 10:54:11 | 016,221,034 | ---- | C] () -- C:\Users\Georg\Documents\clip0044.avi [2010.12.29 18:49:33 | 000,010,955 | ---- | C] () -- C:\Users\Georg\Documents\Seelis.ods [2010.12.29 15:36:29 | 052,327,430 | ---- | C] () -- C:\Users\Georg\Documents\clip0043.avi [2010.12.26 08:36:12 | 034,121,464 | ---- | C] () -- C:\Users\Georg\Documents\clip0042.avi [2010.12.24 23:13:57 | 104,336,596 | ---- | C] () -- C:\Users\Georg\Documents\clip0041.avi [2010.12.24 17:12:01 | 076,514,012 | ---- | C] () -- C:\Users\Georg\Documents\clip0040.avi [2010.12.24 09:01:20 | 045,140,486 | ---- | C] () -- C:\Users\Georg\Documents\clip0039.avi [2010.12.22 19:40:03 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0038.avi [2010.11.10 21:42:08 | 000,000,076 | ---- | C] () -- C:\Windows\iltwain.ini [2010.10.23 18:14:07 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.16 18:36:46 | 000,001,008 | ---- | C] () -- C:\Windows\SysWow64\Hardware.ini [2010.06.24 16:18:52 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010.06.24 16:18:52 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010.06.24 16:18:52 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010.06.05 16:22:25 | 000,000,516 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.12.24 01:46:56 | 000,001,644 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2009.12.23 17:42:29 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.12.23 17:16:03 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini [2009.10.30 05:26:14 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.10.30 05:25:45 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico [2009.10.30 02:31:41 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.10.30 02:31:41 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.10.30 02:31:41 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.06.14 10:59:54 | 000,042,016 | ---- | C] () -- C:\Windows\JSETWAIN.DLL ========== LOP Check ========== [2011.01.21 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\BitTorrent [2010.07.01 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DAEMON Tools Pro [2010.11.10 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Downloaded Installations [2010.10.29 18:07:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.14 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gtk-2.0 [2011.01.13 03:31:19 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\ICQ [2010.11.10 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\inkscape [2010.10.13 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\mt soft [2010.11.12 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\OpenOffice.org [2010.03.11 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\PlayFirst [2011.01.19 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SparweltGutschein [2010.10.10 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Zylom [2010.10.04 15:33:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:444C53BA @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:58C9BCAC < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.01.2011 11:56:32 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 130,50 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive D: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{A8DDE3ED-9B6A-F806-32AF-EC53A836A04F}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7CF178A-2F3D-0125-0D78-98EB53D92A52}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0695DD0E-0E07-061B-5317-1FCCEA3CA51F}" = CCC Help Czech
"{06A02948-CE93-82A0-7BD4-5FB9562136F7}" = CCC Help Japanese
"{0B7169C2-4FC9-0454-6E6F-CDBA27D9C3CF}" = CCC Help Spanish
"{117E3AE2-10D1-41C1-9FA6-F4C382F767A8}_is1" = Packard Bell GameZone Console
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFA2D28-F77A-E27C-0659-F497926805AA}" = CCC Help Polish
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29BA43D8-07F9-4D78-A682-91BAAA98A302}" = Rome - Total War Anthology
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C02693A-EF4F-42D1-9036-664B6C0D647E}" = Google SketchUp Pro 8
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{37DA7059-EC42-8F87-2593-AB273A13CDE4}" = CCC Help Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41B823D8-0E7E-4910-A171-20B91EF6D93F}" = SV ScanRaster
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{554B7217-1988-2E1E-8CAC-30CB8498DA8E}" = CCC Help Portuguese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5920C2D5-2969-9BAE-E5A7-947721CFF1F1}" = CCC Help English
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C8C6C22-5B84-E88C-C38C-9E66DB569600}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6122170D-F78E-182F-1D70-9187108F0AB7}" = Catalyst Control Center Graphics Light
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{667888E5-5D71-4312-A577-41024D32A8C8}" = Stronghold Crusader Extreme Demo
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{79BF8F0E-A3A6-D677-F4AE-157BE4AB9E46}" = CCC Help Danish
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7E9E6DC1-BE81-F3C8-2D61-F9AFADC7B2F8}" = CCC Help Chinese Standard
"{7EFE7605-8879-F08C-9EBD-F0B0EBEDE2AA}" = CCC Help French
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81CA0ED5-7522-01D4-2E20-018033B50087}" = CCC Help Korean
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3DA29D-D01B-4917-B266-D9BB810B2E6A}" = RcLatheDEMO 1.0
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91903291-1546-5B74-AC17-FDBBFD57D3F9}" = CCC Help Russian
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96E44EA5-13F8-491A-8EAC-67C5FA8D90B5}_is1" = Get7
"{974A6749-A030-9EC2-D200-7BD29CA886AC}" = ccc-core-static
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9D77E042-7D73-0DDA-DAEF-95AD3247C63F}" = Catalyst Control Center Localization All
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a4584eb1-2889-4dcf-abed-da4f9f6996a3}" = Nero 9 Essentials
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA404934-A326-AC94-154A-73F65B2DBEFE}" = CCC Help Finnish
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{B04FC2D5-AE5C-1526-69B8-7121BD8CE3B1}" = CCC Help Swedish
"{B1C45394-E332-23F3-35EE-4086C5167C29}" = Catalyst Control Center Core Implementation
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6C21804-0E6C-D4E6-0CF1-4E7F96AAE930}" = CCC Help Turkish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDC96E64-A010-4341-A072-47EFDBD6CFBA}" = Stronghold Crusader Demo
"{BF59CB97-0475-8CDC-1DEB-F6565D3868FA}" = CCC Help Greek
"{C3A68A9A-2541-6171-3092-09C8AFAC4924}" = CCC Help Italian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D4C3DAFC-2F7A-E7A9-89D1-70E53F44D231}" = Catalyst Control Center InstallProxy
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DCF9791F-07F7-3FE8-E639-22EAE582C244}" = CCC Help Norwegian
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB7879B9-891A-2502-1CAC-4D328A7DA434}" = Catalyst Control Center Graphics Full Existing
"{EC3102A1-F7D5-F4D7-0BBE-E9A336852DD5}" = CCC Help Dutch
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA03EF4C-DE79-C463-6B50-AAC28A9A64FD}" = Catalyst Control Center Graphics Full New
"{FAAAA82D-E8FE-04C8-72D5-619A2632E1DF}" = CCC Help Chinese Traditional
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCB13E0B-09AD-7133-0B7E-52A157C6582E}" = CCC Help German
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Algebrator_is1" = Algebrator 4.0
"Alive 3GP Video Converter_is1" = Alive 3GP Video Converter (version 2.1.2.6)
"Amazonia" = Amazonia
"Amazonia_is1" = Amazonia
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BitTorrent" = BitTorrent
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Feeding Frenzy Deluxe" = Feeding Frenzy Deluxe
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.47
"InstallShield_{29BA43D8-07F9-4D78-A682-91BAAA98A302}" = Rome - Total War Anthology
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"Legacy of Kain: Defiance" = Legacy of Kain: Defiance 1.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master Of Defense_is1" = Master Of Defense 1.67e
"Metaboli" = Metaboli
"Metin2_is1" = Metin2
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Welcome Center" = Welcome Center
"PackardBell Screensaver" = PackardBell ScreenSaver
"PDF to DXF JPG TIFF Converter_is1" = PDF to DXF JPG TIFF Converter
"Pharao" = Pharao
"Poker_is1" = Poker
"RAR Password Cracker" = RAR Password Cracker 4.12
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Feeding Frenzy Deluxe" = Feeding Frenzy Deluxe
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.01.2011 17:50:51 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Downloads\SoftonicDownloader_fuer_inkscape.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 19.01.2011 17:50:52 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Downloads\SoftonicDownloader_fuer_coreldraw.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 19.01.2011 17:53:15 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Downloads\SoftonicDownloader_fuer_coreldraw.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 19.01.2011 18:00:15 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Downloads\SoftonicDownloader_fuer_coreldraw.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 19.01.2011 18:00:24 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Downloads\SoftonicDownloader29029.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 19.01.2011 18:00:24 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Georg\Downloads\SoftonicDownloader_fuer_inkscape.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 19.01.2011 18:50:16 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.01.2011 18:50:16 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.01.2011 19:11:43 | Computer Name = Georg-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Jxarab.exe, Version: 1.0.746.11312,
Zeitstempel: 0x4d35c616 Name des fehlerhaften Moduls: MSVCR71.dll, Version: 7.10.3052.4,
Zeitstempel: 0x3e561eac Ausnahmecode: 0xc0000005 Fehleroffset: 0x00032e3f ID des fehlerhaften
Prozesses: 0xb3c Startzeit der fehlerhaften Anwendung: 0x01cbb8294fa128e7 Pfad der
fehlerhaften Anwendung: C:\Windows\Jxarab.exe Pfad des fehlerhaften Moduls: C:\Program
Files (x86)\Java\jre6\bin\MSVCR71.dll Berichtskennung: 7a4554f4-2421-11e0-90d7-00262d762144
Error - 20.01.2011 13:46:15 | Computer Name = Georg-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Jvk.exe, Version: 1.0.746.11312,
Zeitstempel: 0x4d342ba5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x4320f825 ID des fehlerhaften
Prozesses: 0x12e0 Startzeit der fehlerhaften Anwendung: 0x01cbb8c6f8a1bb8f Pfad der
fehlerhaften Anwendung: C:\Users\Georg\AppData\Local\Temp\Jvk.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 2ccb96c0-24bd-11e0-90d7-00262d762144
[ Media Center Events ]
Error - 01.04.2010 11:18:45 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:18:45 - Fehler beim Herstellen der Internetverbindung. 17:18:45
- Serververbindung konnte nicht hergestellt werden..
Error - 01.04.2010 11:18:57 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:18:50 - Fehler beim Herstellen der Internetverbindung. 17:18:50
- Serververbindung konnte nicht hergestellt werden..
Error - 02.04.2010 11:22:40 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:22:40 - Fehler beim Herstellen der Internetverbindung. 17:22:40
- Serververbindung konnte nicht hergestellt werden..
Error - 02.04.2010 11:23:18 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:23:09 - Fehler beim Herstellen der Internetverbindung. 17:23:09
- Serververbindung konnte nicht hergestellt werden..
Error - 24.11.2010 10:37:11 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 15:37:11 - Fehler beim Herstellen der Internetverbindung. 15:37:11
- Serververbindung konnte nicht hergestellt werden..
Error - 24.11.2010 10:37:30 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 15:37:17 - Fehler beim Herstellen der Internetverbindung. 15:37:17
- Serververbindung konnte nicht hergestellt werden..
Error - 19.12.2010 11:16:06 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 16:16:06 - Fehler beim Herstellen der Internetverbindung. 16:16:06
- Serververbindung konnte nicht hergestellt werden..
Error - 19.12.2010 11:16:17 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 16:16:11 - Fehler beim Herstellen der Internetverbindung. 16:16:11
- Serververbindung konnte nicht hergestellt werden..
Error - 23.12.2010 10:51:31 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 15:51:31 - Fehler beim Herstellen der Internetverbindung. 15:51:31
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 21.01.2011 06:36:00 | Computer Name = Georg-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?01.?2011 um 01:00:23 unerwartet heruntergefahren.
Error - 21.01.2011 06:35:53 | Computer Name = Georg-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 21.01.2011 06:35:53 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 21.01.2011 06:37:14 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfsync02
Error - 21.01.2011 06:40:03 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 21.01.2011 06:43:41 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 21.01.2011 06:43:45 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 21.01.2011 06:43:48 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 21.01.2011 06:43:50 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 21.01.2011 06:44:07 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
mir is dazu noch aufgefallen das ich von antivit immer die meldung über diese datei hier bekomme: C:\Windows\Jxarab.exe ich klick jedes mal auf Zugriff verweigern aber i-wie kommt die dann nach ner weile wieder |
|
21.01.2011, 16:33
| #4 |
| /// Malwareteam | IE öffnet Werbung ständiges hängen des pcs Schritt 1 Filesharing Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen. Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren =>BitTorrent, Inc. Schritt 2 Programme deinstallieren Da einige Programme und Anti-Spy-Programme uns u. U. bei der Bereinigung behindern (z. B. durch ständig laufende Hintergrundwächter), unnötig oder schädlich sind oder einfach nicht mehr gebraucht werden, bitte ich darum, die folgenden Programme über Systemsteuerung => Software komplett zu deinstallieren. Code:
ATTFilter Ask Toolbar
Schritt 3 Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15446&l=dis
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=de_DE&apn_uid=1BD7261F-7899-4EFD-9FFD-169874EBF810&apn_ptnrs=GX&apn_sauid=D45257C8-0BD8-454C-8705-B7A0E77AD4AC&apn_dtid=YYYYYYB8DE&q="
[2010.10.17 03:46:58 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\toolbar@ask.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O32 - AutoRun File - [2007.06.28 18:48:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 05:43:36 | 000,000,160 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.)
[2011.01.19 22:48:13 | 000,222,208 | ---- | M] () -- C:\Windows\Jxarab.exe
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:58C9BCAC
:Commands
[purity]
[emptytemp]
Schritt 3 ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt 4 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
|
|
21.01.2011, 23:38
| #5 |
| | IE öffnet Werbung ständiges hängen des pcs toolbar und bittorrent deinstalliert zu 3.1 otl All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "Ask.com" removed from browser.search.selectedEngine Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=de_DE&apn_uid=1BD7261F-7899-4EFD-9FFD-169874EBF810&apn_ptnrs=GX&apn_sauid=D45257C8-0BD8-454C-8705-B7A0E77AD4AC&apn_dtid=YYYYYYB8DE&q=" removed from keyword.URL Folder C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\toolbar@ask.com\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found. File not found. File move failed. D:\AutoRun.exe scheduled to be moved on reboot. File move failed. D:\autorun.inf scheduled to be moved on reboot. File move failed. D:\AutoRunGUI.dll scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5730db06-efdd-11de-9e1a-806e6f6e6963}\ not found. File move failed. D:\AutoRun.exe scheduled to be moved on reboot. C:\Windows\Jxarab.exe moved successfully. ADS C:\ProgramData\Temp:E3C56885 deleted successfully. ADS C:\ProgramData\Temp:0B9176C0 deleted successfully. ADS C:\ProgramData\Temp:4CF61E54 deleted successfully. ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully. ADS C:\ProgramData\Temp:ABE89FFE deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. ADS C:\ProgramData\Temp:93DE1838 deleted successfully. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. ADS C:\ProgramData\Temp:444C53BA deleted successfully. ADS C:\ProgramData\Temp:58C9BCAC deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Georg ->Temp folder emptied: 7449338 bytes ->Temporary Internet Files folder emptied: 272375392 bytes ->Java cache emptied: 4376290 bytes ->FireFox cache emptied: 90686817 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 13429 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10644566 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102159 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 368,00 mb OTL by OldTimer - Version 3.2.20.3 log created on 01212011_171552 Files\Folders moved on Reboot... File move failed. D:\AutoRun.exe scheduled to be moved on reboot. File move failed. D:\autorun.inf scheduled to be moved on reboot. File move failed. D:\AutoRunGUI.dll scheduled to be moved on reboot. C:\Users\Georg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... zu 3.2 ESET Online Scanner ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=3226271abbc8314d9128a8844cd3b15a # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-01-21 10:09:59 # local_time=2011-01-21 11:09:59 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1797 16775165 100 94 24896 32164291 60756 0 # compatibility_mode=5893 16776573 100 94 295963 47257285 0 0 # compatibility_mode=8192 67108863 100 0 3718 3718 0 0 # scanned=213921 # found=7 # cleaned=0 # scan_time=20364 C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\angelbot v 2.4.5 by felixli93.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\trienes's Angelbot v0.5.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\trienes's Angelbot v0.5\trienes's Angelbot v0.5.exe Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Georg\Downloads\angelbot v 2.4.5 by felixli93.zip Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Georg\Downloads\Angelbot(4.3) by Hans Wurst.zip Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\Georg\Downloads\trienes's Angelbot v0.5.rar Win32/Packed.Autoit.E.Gen application (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles\01212011_171552\C_Windows\Jxarab.exe a variant of Win32/Kryptik.JWP trojan (unable to clean) 00000000000000000000000000000000 I zu 4: otlOTL Logfile: Code:
ATTFilter OTL logfile created on: 21.01.2011 23:26:53 - Run 2 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Georg\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,27 Gb Total Space | 129,35 Gb Free Space | 45,18% Space Free | Partition Type: NTFS Drive D: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe PRC - [2011.01.20 12:16:00 | 000,862,448 | ---- | M] (Intenium) -- C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe PRC - [2010.12.08 16:43:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.07 12:17:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.07 12:17:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.06.29 05:00:16 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.15 09:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe PRC - [2010.03.03 08:46:04 | 002,631,640 | ---- | M] () -- C:\Program Files (x86)\Metin2\metin2.bin PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.12.03 14:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe PRC - [2009.11.21 00:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009.11.02 00:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.10.30 02:06:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe PRC - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.08.20 17:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2009.08.20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2007.08.01 14:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe PRC - [2007.02.14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe ========== Modules (SafeList) ========== MOD - [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll MOD - [2009.07.14 02:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.30 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.01.13 15:32:58 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.08 16:43:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.07 12:17:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.12.23 17:39:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.08.29 01:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.25 18:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.20 17:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 14:09:57 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.07.01 20:04:51 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.06.10 00:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2009.09.21 20:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.08.11 21:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.07.30 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.24 11:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.05.05 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.04.28 18:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.04.28 18:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV:64bit: - [2008.05.27 10:41:40 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV:64bit: - [2008.05.27 10:41:40 | 000,137,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.05.27 10:41:38 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.05.27 10:41:38 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.27 10:41:38 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV:64bit: - [2008.05.27 10:41:38 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.05.27 10:41:32 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2006.07.10 17:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2009.09.02 18:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {da684c80-6ad7-4a95-80ec-959e8ab082fd}:1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.04 09:32:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.04 09:32:50 | 000,000,000 | ---D | M] [2010.03.01 20:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions [2011.01.21 17:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions [2010.04.19 11:31:51 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.06.07 16:14:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.10.29 18:07:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.28 14:44:33 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.08.22 11:36:51 | 000,000,000 | ---D | M] ("Auto Replay for YouTube") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{da684c80-6ad7-4a95-80ec-959e8ab082fd} [2010.03.13 20:19:14 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\sparweltgutscheinewl@sparwelt.de [2011.01.21 14:58:05 | 000,002,395 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\askcom.xml [2010.01.21 16:17:44 | 000,000,917 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\conduit.xml [2011.01.16 13:42:49 | 000,000,947 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\icqplugin.xml [2010.06.07 16:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.07 16:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.07 16:13:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.11.14 21:08:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.14 21:08:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.11.14 21:08:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.14 21:08:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.14 21:08:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.09 01:03:54 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ] O32 - AutoRun File - [2007.06.28 18:48:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ] O32 - AutoRun File - [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2005.11.01 05:43:36 | 000,000,160 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.21 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.01.21 17:21:20 | 000,000,000 | R--D | C] -- C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2011.01.21 17:15:52 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.21 11:54:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2011.01.20 00:27:44 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\Malwarebytes [2011.01.20 00:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.20 00:27:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.20 00:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.20 00:27:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.20 00:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.19 23:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2011.01.19 23:58:35 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2011.01.19 23:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.01.19 23:53:46 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.01.14 22:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algebrator [2011.01.14 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Algebrator [2011.01.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\algebrator4.1 [2011.01.14 18:32:04 | 000,000,000 | ---D | C] -- C:\Programme\Metin2_beta [2011.01.09 14:01:35 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\NFS Carbon [2011.01.09 13:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.01.09 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2011.01.09 01:23:04 | 000,000,000 | ---D | C] -- C:\CARBON [2011.01.09 01:04:46 | 000,000,000 | ---D | C] -- C:\NFSC [2011.01.04 19:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.01.02 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\NFS Most Wanted [2011.01.02 02:47:06 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\NFSMW ========== Files - Modified Within 30 Days ========== [2011.01.21 23:17:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.21 17:28:14 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 17:28:14 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 17:28:06 | 002,672,312 | ---- | M] () -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe [2011.01.21 17:19:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.21 17:18:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.21 17:18:14 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys [2011.01.21 11:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe [2011.01.21 11:50:49 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.21 11:50:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.21 11:50:49 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.21 11:50:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.21 11:50:48 | 001,514,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.21 00:02:42 | 000,017,244 | ---- | M] () -- C:\Users\Georg\Desktop\gaa.jpg [2011.01.20 20:07:59 | 000,137,886 | ---- | M] () -- C:\Users\Georg\Desktop\GA.png [2011.01.20 20:03:21 | 105,293,434 | ---- | M] () -- C:\Users\Georg\Documents\clip0072.avi [2011.01.20 19:59:42 | 000,012,524 | ---- | M] () -- C:\Users\Georg\Documents\clip0071.avi [2011.01.20 19:58:25 | 000,010,946 | ---- | M] () -- C:\Users\Georg\Documents\clip0070.avi [2011.01.20 19:58:14 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0069.avi [2011.01.20 00:39:14 | 004,184,518 | ---- | M] () -- C:\Users\Georg\Desktop\Torture_images.gif [2011.01.20 00:27:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 23:58:37 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.01.19 23:53:50 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.17 21:21:22 | 000,011,170 | ---- | M] () -- C:\Users\Georg\Documents\clip0068.avi [2011.01.17 21:21:13 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0067.avi [2011.01.17 21:09:19 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0066.avi [2011.01.16 13:00:23 | 056,522,194 | ---- | M] () -- C:\Users\Georg\Documents\clip0065.avi [2011.01.15 18:40:44 | 000,001,216 | ---- | M] () -- C:\Users\Georg\Desktop\dragon_armor_by_ice_fire - Verknüpfung.lnk [2011.01.15 10:18:52 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.15 00:13:42 | 000,001,394 | ---- | M] () -- C:\Users\Georg\Desktop\Metin2.lnk [2011.01.14 22:31:38 | 000,000,979 | ---- | M] () -- C:\Users\Georg\Desktop\Algebrator.lnk [2011.01.14 14:11:28 | 048,413,094 | ---- | M] () -- C:\Users\Georg\Documents\clip0064.avi [2011.01.13 22:29:17 | 000,084,419 | ---- | M] () -- C:\Users\Georg\Desktop\eharmony-honesty-fail.jpg [2011.01.13 16:19:34 | 046,658,878 | ---- | M] () -- C:\Users\Georg\Documents\clip0063.avi [2011.01.11 21:44:19 | 056,429,090 | ---- | M] () -- C:\Users\Georg\Documents\clip0062.avi [2011.01.11 21:43:31 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0061.avi [2011.01.11 19:11:19 | 018,583,822 | ---- | M] () -- C:\Users\Georg\Documents\clip0060.avi [2011.01.11 19:10:12 | 174,350,876 | ---- | M] () -- C:\Users\Georg\Documents\clip0059.avi [2011.01.10 18:58:48 | 387,156,962 | ---- | M] () -- C:\Users\Georg\Documents\clip0058.avi [2011.01.10 18:55:11 | 008,608,664 | ---- | M] () -- C:\Users\Georg\Documents\clip0057.avi [2011.01.09 19:33:18 | 043,004,460 | ---- | M] () -- C:\Users\Georg\Documents\clip0056.avi [2011.01.09 13:52:37 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Carbon.lnk [2011.01.07 14:32:30 | 100,663,296 | ---- | M] () -- C:\Users\Georg\Documents\clip0055.avi [2011.01.07 14:31:34 | 000,780,000 | ---- | M] () -- C:\Users\Georg\Documents\clip0055.avi.bak [2011.01.05 17:35:10 | 057,236,040 | ---- | M] () -- C:\Users\Georg\Documents\clip0054.avi [2011.01.04 19:55:55 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.01.04 09:41:28 | 117,569,600 | ---- | M] () -- C:\Users\Georg\Documents\clip0053.avi [2011.01.03 19:14:35 | 083,078,582 | ---- | M] () -- C:\Users\Georg\Documents\clip0052.avi [2011.01.03 01:32:17 | 049,396,556 | ---- | M] () -- C:\Users\Georg\Documents\clip0051.avi [2011.01.02 02:58:51 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2011.01.01 18:05:48 | 104,857,600 | ---- | M] () -- C:\Users\Georg\Desktop\nfsmwmu.part09.rar [2011.01.01 16:33:03 | 000,010,955 | ---- | M] () -- C:\Users\Georg\Documents\Seelis.ods [2011.01.01 12:29:05 | 064,390,682 | ---- | M] () -- C:\Users\Georg\Documents\clip0050.avi [2010.12.31 19:19:06 | 000,001,941 | ---- | M] () -- C:\Users\Georg\Desktop\speed2 - Verknüpfung.lnk [2010.12.31 13:05:55 | 064,612,846 | ---- | M] () -- C:\Users\Georg\Documents\clip0049.avi [2010.12.31 13:05:12 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0048.avi [2010.12.31 13:04:49 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0047.avi [2010.12.31 13:04:28 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0046.avi [2010.12.30 10:54:43 | 090,961,592 | ---- | M] () -- C:\Users\Georg\Documents\clip0045.avi [2010.12.30 10:54:16 | 016,221,034 | ---- | M] () -- C:\Users\Georg\Documents\clip0044.avi [2010.12.29 15:37:04 | 052,327,430 | ---- | M] () -- C:\Users\Georg\Documents\clip0043.avi [2010.12.26 08:36:37 | 034,121,464 | ---- | M] () -- C:\Users\Georg\Documents\clip0042.avi [2010.12.24 23:15:03 | 104,336,596 | ---- | M] () -- C:\Users\Georg\Documents\clip0041.avi [2010.12.24 17:12:30 | 076,514,012 | ---- | M] () -- C:\Users\Georg\Documents\clip0040.avi [2010.12.24 09:01:52 | 045,140,486 | ---- | M] () -- C:\Users\Georg\Documents\clip0039.avi ========== Files Created - No Company Name ========== [2011.01.21 17:27:59 | 002,672,312 | ---- | C] () -- C:\Users\Georg\Desktop\esetsmartinstaller_enu.exe [2011.01.21 00:02:42 | 000,017,244 | ---- | C] () -- C:\Users\Georg\Desktop\gaa.jpg [2011.01.20 20:07:59 | 000,137,886 | ---- | C] () -- C:\Users\Georg\Desktop\GA.png [2011.01.20 20:00:12 | 105,293,434 | ---- | C] () -- C:\Users\Georg\Documents\clip0072.avi [2011.01.20 19:59:37 | 000,012,524 | ---- | C] () -- C:\Users\Georg\Documents\clip0071.avi [2011.01.20 19:58:21 | 000,010,946 | ---- | C] () -- C:\Users\Georg\Documents\clip0070.avi [2011.01.20 19:58:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0069.avi [2011.01.20 00:39:06 | 004,184,518 | ---- | C] () -- C:\Users\Georg\Desktop\Torture_images.gif [2011.01.20 00:27:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 23:58:37 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.01.19 23:53:50 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.17 21:21:18 | 000,011,170 | ---- | C] () -- C:\Users\Georg\Documents\clip0068.avi [2011.01.17 21:21:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0067.avi [2011.01.17 21:09:14 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0066.avi [2011.01.16 13:00:07 | 056,522,194 | ---- | C] () -- C:\Users\Georg\Documents\clip0065.avi [2011.01.15 18:40:44 | 000,001,216 | ---- | C] () -- C:\Users\Georg\Desktop\dragon_armor_by_ice_fire - Verknüpfung.lnk [2011.01.15 00:13:42 | 000,001,394 | ---- | C] () -- C:\Users\Georg\Desktop\Metin2.lnk [2011.01.14 22:31:38 | 000,000,979 | ---- | C] () -- C:\Users\Georg\Desktop\Algebrator.lnk [2011.01.14 14:11:13 | 048,413,094 | ---- | C] () -- C:\Users\Georg\Documents\clip0064.avi [2011.01.13 22:29:17 | 000,084,419 | ---- | C] () -- C:\Users\Georg\Desktop\eharmony-honesty-fail.jpg [2011.01.13 16:19:19 | 046,658,878 | ---- | C] () -- C:\Users\Georg\Documents\clip0063.avi [2011.01.11 21:44:00 | 056,429,090 | ---- | C] () -- C:\Users\Georg\Documents\clip0062.avi [2011.01.11 21:43:29 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0061.avi [2011.01.11 19:11:11 | 018,583,822 | ---- | C] () -- C:\Users\Georg\Documents\clip0060.avi [2011.01.11 19:08:38 | 174,350,876 | ---- | C] () -- C:\Users\Georg\Documents\clip0059.avi [2011.01.10 18:55:14 | 387,156,962 | ---- | C] () -- C:\Users\Georg\Documents\clip0058.avi [2011.01.10 18:55:08 | 008,608,664 | ---- | C] () -- C:\Users\Georg\Documents\clip0057.avi [2011.01.09 19:33:04 | 043,004,460 | ---- | C] () -- C:\Users\Georg\Documents\clip0056.avi [2011.01.09 13:52:37 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Carbon.lnk [2011.01.09 13:38:49 | 000,011,049 | ---- | C] () -- C:\Users\Georg\Desktop\FFF.NFO [2011.01.09 13:38:49 | 000,000,382 | ---- | C] () -- C:\Users\Georg\Desktop\file_id.diz [2011.01.09 13:34:26 | 008,904,704 | ---- | C] () -- C:\Users\Georg\Desktop\nfsc.exe [2011.01.07 14:31:34 | 100,663,296 | ---- | C] () -- C:\Users\Georg\Documents\clip0055.avi [2011.01.07 14:31:34 | 000,780,000 | ---- | C] () -- C:\Users\Georg\Documents\clip0055.avi.bak [2011.01.05 17:34:39 | 057,236,040 | ---- | C] () -- C:\Users\Georg\Documents\clip0054.avi [2011.01.04 19:56:33 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.04 19:55:55 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.01.04 09:40:56 | 117,569,600 | ---- | C] () -- C:\Users\Georg\Documents\clip0053.avi [2011.01.03 19:14:11 | 083,078,582 | ---- | C] () -- C:\Users\Georg\Documents\clip0052.avi [2011.01.03 01:31:57 | 049,396,556 | ---- | C] () -- C:\Users\Georg\Documents\clip0051.avi [2011.01.02 02:58:51 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2011.01.01 18:00:05 | 104,857,600 | ---- | C] () -- C:\Users\Georg\Desktop\nfsmwmu.part09.rar [2011.01.01 12:28:38 | 064,390,682 | ---- | C] () -- C:\Users\Georg\Documents\clip0050.avi [2010.12.31 19:19:06 | 000,001,941 | ---- | C] () -- C:\Users\Georg\Desktop\speed2 - Verknüpfung.lnk [2010.12.31 13:05:36 | 064,612,846 | ---- | C] () -- C:\Users\Georg\Documents\clip0049.avi [2010.12.31 13:05:03 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0048.avi [2010.12.31 13:04:44 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0047.avi [2010.12.31 13:04:20 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0046.avi [2010.12.30 10:54:17 | 090,961,592 | ---- | C] () -- C:\Users\Georg\Documents\clip0045.avi [2010.12.30 10:54:11 | 016,221,034 | ---- | C] () -- C:\Users\Georg\Documents\clip0044.avi [2010.12.29 18:49:33 | 000,010,955 | ---- | C] () -- C:\Users\Georg\Documents\Seelis.ods [2010.12.29 15:36:29 | 052,327,430 | ---- | C] () -- C:\Users\Georg\Documents\clip0043.avi [2010.12.26 08:36:12 | 034,121,464 | ---- | C] () -- C:\Users\Georg\Documents\clip0042.avi [2010.12.24 23:13:57 | 104,336,596 | ---- | C] () -- C:\Users\Georg\Documents\clip0041.avi [2010.12.24 17:12:01 | 076,514,012 | ---- | C] () -- C:\Users\Georg\Documents\clip0040.avi [2010.12.24 09:01:20 | 045,140,486 | ---- | C] () -- C:\Users\Georg\Documents\clip0039.avi [2010.11.10 21:42:08 | 000,000,076 | ---- | C] () -- C:\Windows\iltwain.ini [2010.10.23 18:14:07 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.16 18:36:46 | 000,001,008 | ---- | C] () -- C:\Windows\SysWow64\Hardware.ini [2010.06.24 16:18:52 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010.06.24 16:18:52 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010.06.24 16:18:52 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010.06.05 16:22:25 | 000,000,516 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.12.24 01:46:56 | 000,001,644 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2009.12.23 17:42:29 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.12.23 17:16:03 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini [2009.10.30 05:26:14 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.10.30 05:25:45 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico [2009.10.30 02:31:41 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.10.30 02:31:41 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.10.30 02:31:41 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.06.14 10:59:54 | 000,042,016 | ---- | C] () -- C:\Windows\JSETWAIN.DLL ========== LOP Check ========== [2011.01.21 17:32:30 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\BitTorrent [2010.07.01 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DAEMON Tools Pro [2010.11.10 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Downloaded Installations [2010.10.29 18:07:54 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.14 17:02:37 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\gtk-2.0 [2011.01.13 03:31:19 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\ICQ [2010.11.10 21:34:36 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\inkscape [2010.10.13 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\mt soft [2010.11.12 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\OpenOffice.org [2010.03.11 19:03:02 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\PlayFirst [2011.01.19 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\SparweltGutschein [2010.10.10 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\Georg\AppData\Roaming\Zylom [2010.10.04 15:33:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009.07.27 21:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.04.09 22:29:00 | 001,184,646 | ---- | M] () -- C:\BottingPoint.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010.10.17 12:27:42 | 000,001,042 | ---- | M] () -- C:\Hardware.ini [2011.01.21 17:18:14 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007.11.07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2011.01.21 17:18:28 | 4293,246,976 | -HS- | M] () -- C:\pagefile.sys [2009.12.09 04:22:18 | 000,013,365 | RHS- | M] () -- C:\Patch.rev [2010.03.01 16:04:37 | 000,000,218 | RHS- | M] () -- C:\Preload.rev [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2004.09.20 14:00:28 | 000,802,816 | ---- | M] (Sprout Games, LLC) -- C:\Windows\FeedingFrenzy.scr [2009.07.10 13:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > allerdings hatte ich da nur die OTL.txt - die Extra.txt wie verlangt hab ich nicht bekommen - auch nach dem zweiten mal ausführe nicht |
|
22.01.2011, 15:47
| #6 |
| /// Malwareteam | IE öffnet Werbung ständiges hängen des pcs Schritt 1 Was sind das für Dateien in diesem Ordner? C:\Users\Georg\Desktop\Wichtig\Neuer Ordner\angelbot v 2.4.5 by felixli93.exe Lösche am besten den gesamten Ordner wenn dort nur solche Sachen drin sind. Schritt 2 Wie läuft es zur Zeit? Öffnen sich noch Werbungen? |
|
22.01.2011, 16:12
| #7 |
| | IE öffnet Werbung ständiges hängen des pcs is gelöscht und werbung öffnet sich im moment nicht mehr ich lass den laptop heut nacht mal an und schau dann morgen ob was da is (weil vor 3 oder 4 tagen hatte ich den mal über nacht an und dann bestimmt 30 seiten mit werbung geöffnet) bis hier hin schon mal ein dickes dankeschön und ich werd in zukunft besser aufpassen was ich da alles runterlad =/ |
|
22.01.2011, 16:33
| #8 |
| /// Malwareteam | IE öffnet Werbung ständiges hängen des pcs Melde Dich aber wieder auch wenn keine Werbung mehr kommt. Wir sind noch nicht durch. |
|
23.01.2011, 20:48
| #9 |
| | IE öffnet Werbung ständiges hängen des pcs so laptop heute nacht angelassen und der ie hat keine werbung geöffnet was kommt dann als nächstes dran? mfg Geändert von XRatzorX (23.01.2011 um 20:54 Uhr) |
|
23.01.2011, 22:20
| #10 |
| /// Malwareteam | IE öffnet Werbung ständiges hängen des pcs Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Systemwiederherstellungpunkte leeren Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen. Schritt 2 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 3 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 4 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 5 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. |
|
23.01.2011, 22:59
| #11 |
| | IE öffnet Werbung ständiges hängen des pcs habs jetzt nur mal überflogen werd mich dann morgen intensiver damit beschäftigen aber wenn ich windows + e drücke dann bei C: eigenschaften und bereinigen komm ich zu diesem datenträgerbereinigungsfenster, finde da keine weiteren optionen (nur systemdateien bereinigen und dateien anzeigen) sry aber da ich keine ahnung von so was hab frag ich lieber nach =) mfg |
|
23.01.2011, 23:08
| #12 |
| /// Malwareteam | IE öffnet Werbung ständiges hängen des pcs Mach es so: Win-Taste und E zugleich drücke --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen. |
|
25.01.2011, 17:29
| #13 |
| | IE öffnet Werbung ständiges hängen des pcs ja tut mir echt leid aber ich komm vor m wochenende nicht mehr dazu das zu machen und dann meld ich mich nochmal |
|
25.01.2011, 20:18
| #14 |
| /// Malwareteam | IE öffnet Werbung ständiges hängen des pcs Ok mach das. |
|
| Themen zu IE öffnet Werbung ständiges hängen des pcs |
| adobe, antivir, antivir guard, avg, avira, bho, converter, desktop, excel, firefox, google, hijack.zones, hijackthis, hängen, hängt, internet explorer, maus, monitor, mozilla, mp3, packard bell, photoshop, plug-in, problem, scan, software, syswow64, werbung, windows, winload toolbar, öffnet werbung |
Textbox.
Button.
Linear-Darstellung
