| mysecretname | 02.08.2012 14:22 |
So, hier noch der MBAM-LOG (hat einen Trojaner gefunden und in Quarantäne verschoben) Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.30.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SZ :: PANDORA [Administrator]
02.08.2012 14:11:56
mbam-log-2012-08-02 (14-11-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476671
Laufzeit: 49 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\SZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
| Und hier die OTL-Logs
OTL Logfile: Code:
OTL logfile created on: 02.08.2012 15:56:19 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\SZ\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,72 Gb Available Physical Memory | 71,65% Memory free
15,95 Gb Paging File | 13,83 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 32,44 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 670,20 Gb Free Space | 71,95% Space Free | Partition Type: NTFS
Computer Name: PANDORA | User Name: SZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\SZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hama\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Hama\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Hama\Common\RaWLAPI.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (L4301_Solar) -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe (Logitech, Inc.)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 DE E3 10 66 37 CD 01 [binary data]
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\..\SearchScopes,DefaultScope = {4D4C533D-CC6D-4c1b-A14B-FE5BF7927E53}
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\..\SearchScopes\{4D4C533D-CC6D-4c1b-A14B-FE5BF7927E53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-954386229-1821757164-4254480043-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2012.01.11 13:19:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 15:47:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 15:47:19 | 000,000,000 | ---D | M]
[2011.12.17 16:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SZ\AppData\Roaming\mozilla\Extensions
[2012.07.27 11:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SZ\AppData\Roaming\mozilla\Firefox\Profiles\jjtzdvvq.default\extensions
[2012.07.27 11:38:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\SZ\AppData\Roaming\mozilla\Firefox\Profiles\jjtzdvvq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.19 16:13:45 | 000,001,618 | ---- | M] () -- C:\Users\SZ\AppData\Roaming\Mozilla\Firefox\Profiles\jjtzdvvq.default\searchplugins\scroogle-ssl.xml
[2012.03.20 21:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.11 13:19:00 | 000,000,000 | ---D | M] (Logitech Scroll App) -- C:\PROGRAM FILES\LOGITECH\SCROLLAPP\LOGISMOOTHFIREFOXEXT
[2012.07.19 15:47:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.10 13:00:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.10 13:00:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.10 13:00:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.10 13:00:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.11 10:43:44 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012.06.10 13:00:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.10 13:00:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\ScrollApp\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\ScrollApp\32-bit\LogiSmooth.dll (Logitech, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Programme\Logitech\ScrollApp\KhalScroll.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-954386229-1821757164-4254480043-1000..\Run: [] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\SZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\SZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6298915C-3242-45E4-80DF-37B810BA1D8E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C53B2AB9-7544-45BB-AC7C-AA4EAC26F69C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C906D556-77C6-4BD7-A782-60C3C47392C4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d73193b5-2a0f-11e1-aa21-00268316364d}\Shell - "" = AutoRun
O33 - MountPoints2\{d73193b5-2a0f-11e1-aa21-00268316364d}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{d73193b5-2a0f-11e1-aa21-00268316364d}\Shell\directx\command - "" = G:\Support\DirectX\DXSETUP.exe
O33 - MountPoints2\{d73193b5-2a0f-11e1-aa21-00268316364d}\Shell\install\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.02 15:50:27 | 144,779,888 | ---- | C] (Emsisoft GmbH ) -- C:\Users\SZ\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.08.02 13:59:54 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\SZ\Desktop\OTL.exe
[2012.08.01 21:54:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.08.01 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2012.08.01 19:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.08.01 17:20:16 | 000,000,000 | ---D | C] -- C:\Users\SZ\AppData\Roaming\calibre
[2012.07.27 11:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.27 11:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube Download
[2012.07.27 11:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.07.23 01:12:42 | 000,000,000 | ---D | C] -- C:\Users\SZ\Documents\Telltale Games
[2012.07.17 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.17 17:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.07.17 17:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.07.17 12:23:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.17 12:23:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.17 12:23:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.17 12:23:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.17 12:23:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.17 12:23:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.17 12:23:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.17 12:23:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.17 12:23:40 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.17 12:23:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.17 12:23:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.17 12:23:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.17 12:23:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.17 11:16:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.17 11:16:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.17 11:16:08 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.17 11:16:07 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.17 11:16:06 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.02 15:51:29 | 144,779,888 | ---- | M] (Emsisoft GmbH ) -- C:\Users\SZ\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.08.02 15:48:26 | 000,591,235 | ---- | M] () -- C:\Users\SZ\Desktop\adwcleaner.exe
[2012.08.02 15:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.02 15:23:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 15:02:34 | 000,001,875 | ---- | M] () -- C:\Users\SZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.02 14:01:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.02 14:01:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.02 14:01:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.02 14:01:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.02 14:01:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 14:00:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.02 12:08:00 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 12:08:00 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 12:07:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\SZ\Desktop\OTL.exe
[2012.08.02 12:00:29 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 12:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 12:00:21 | 2129,285,119 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 11:58:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.30 16:30:01 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.30 16:30:01 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.30 16:29:37 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.07.27 10:43:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 10:43:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.20 10:52:56 | 000,057,714 | ---- | M] () -- C:\Users\SZ\Desktop\Screenshot Anmeldung Marathon.JPG
[2012.07.18 12:18:15 | 000,070,960 | ---- | M] () -- C:\Users\SZ\Desktop\Einspruch gegen Betriebskostenabrechnung.rtf
[2012.07.17 12:32:33 | 000,431,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.02 15:48:26 | 000,591,235 | ---- | C] () -- C:\Users\SZ\Desktop\adwcleaner.exe
[2012.08.02 14:00:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.02 11:47:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.02 11:47:51 | 000,001,875 | ---- | C] () -- C:\Users\SZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.20 10:52:43 | 000,057,714 | ---- | C] () -- C:\Users\SZ\Desktop\Screenshot Anmeldung Marathon.JPG
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.30 23:41:01 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.30 23:40:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.17 17:51:50 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.12.17 17:51:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.12.17 17:51:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.12.17 16:42:30 | 000,000,017 | ---- | C] () -- C:\Users\SZ\AppData\Local\resmon.resmoncfg
[2011.12.17 16:23:35 | 000,038,556 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.17 16:22:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.17 16:22:52 | 000,026,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== LOP Check ==========
[2011.12.20 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\.oit
[2012.06.10 13:29:21 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Amazon
[2011.12.20 13:10:19 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\bizarre creations
[2012.08.01 17:21:40 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\calibre
[2012.06.14 15:55:53 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\DAEMON Tools Lite
[2012.03.20 14:00:45 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Dropbox
[2012.05.27 14:12:45 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Duden
[2012.07.27 11:38:18 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\DVDVideoSoft
[2012.03.12 12:08:13 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.14 07:56:59 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Epson
[2012.01.11 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Leadertech
[2012.06.11 11:05:05 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\MiniLyrics
[2011.12.28 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\NewSoft
[2012.05.29 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Nokia
[2011.12.22 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Nokia Suite
[2011.12.30 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Origin
[2011.12.22 12:55:01 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\PC Suite
[2012.04.19 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\pdfforge
[2012.01.19 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\SigmaDataCenter21.6A52D17A1C86211F195F60E94C15876515EBE62C.1
[2011.12.19 17:11:12 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\Trine2
[2012.07.17 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\TS3Client
[2011.12.17 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\SZ\AppData\Roaming\TuneUp Software
[2012.06.20 11:00:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
OTL EXTRAS
OTL Logfile: Code:
OTL Extras logfile created on: 02.08.2012 15:56:19 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\SZ\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,72 Gb Available Physical Memory | 71,65% Memory free
15,95 Gb Paging File | 13,83 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 32,44 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 670,20 Gb Free Space | 71,95% Space Free | Partition Type: NTFS
Computer Name: PANDORA | User Name: SZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-954386229-1821757164-4254480043-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1145A999-9036-4727-8C4D-4B1B65226FB9}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BE2653D-CCAA-43BC-815D-FD2575581B56}" = lport=139 | protocol=6 | dir=in | app=system |
"{1E73A7BA-9859-4452-B97A-ED80BFF28E2C}" = rport=445 | protocol=6 | dir=out | app=system |
"{212BFDA0-7863-4ABC-8D21-50765B8AB1CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{23084579-E3FB-4253-90CB-5170E69BBFAD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3803679C-E736-49F9-B199-E94FD2CCC77B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5286009C-49F7-4081-9BE3-8E603A054C46}" = lport=138 | protocol=17 | dir=in | app=system |
"{8186A00C-67D7-492B-97C8-552D9661FB9A}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D101A5A-ED1F-4484-ABFE-ECA5E7F32542}" = rport=139 | protocol=6 | dir=out | app=system |
"{C567EAA3-6445-41E5-B73E-6BA2428B95EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{DADC9FAD-3D78-43F7-BA8E-8F534CCFA2B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EAEF104B-B00C-44D7-A949-42F60E23EB4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FFA5EFEB-520B-40CE-85C8-F7EF7A0909E9}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07229C9C-2F0F-436E-A3C9-CA1533E9948E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0B7BEF44-21AA-4C1B-8319-74038B5F2F2C}" = protocol=17 | dir=in | app=d:\programme exil\steam\steam.exe |
"{0F960947-C344-4030-988D-B15C40B5A0A0}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\batman2\runlauncher.bat |
"{0FD6653E-2D41-4292-B9C3-60C57BF4B2B0}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\trine\trine_launcher.exe |
"{105A52F0-359B-414B-8F45-31C6D0E10771}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{17CCE9E2-97EB-4DA7-8080-DBB6B48A637A}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\dxhrml\dxhrml.exe |
"{18D1FF7F-F56F-4735-908F-45B7B4AB33DA}" = protocol=17 | dir=in | app=c:\users\sz\appdata\roaming\dropbox\bin\dropbox.exe |
"{1C432F3A-91E7-4EEA-9C4C-FDE3A7A3D582}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{27E4635F-6A06-486D-8623-09AEFD95BF0D}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{2DB9A641-CD4F-4EA1-9855-CCBCD02818D2}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\portal 2\portal2.exe |
"{301F2631-450B-4850-91EF-0828413ABD21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32FA8028-C740-4C4C-9601-DAD082BDE97C}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{369CE298-EF1D-4B03-8CB7-4343DFFC1EE0}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3735F413-2EB3-4F6E-9C0E-70A53F52CCD1}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\presto! page manager 9\licensecheck.exe |
"{37778FCA-3B14-4B87-AC3F-9119E011D16E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{38206D9E-9A94-4C67-8A9E-A51DCF7C9731}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{3AA10ADF-6DD4-4560-89FC-EC60B1461121}" = protocol=6 | dir=in | app=d:\programme exil\blur\blur.exe |
"{3C605B8B-FC04-4AA7-A18A-71B55F91348B}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{3DA7E2E2-BD30-4508-B11B-D506EABBB13B}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{4433791A-905C-417B-ADC3-0302E9A6CF53}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{44707A47-B8D3-4FF3-8EE6-546F6C2CDC2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{46B11930-383D-43E5-AF12-5C59B8E00C7E}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\dxhrml\dxhrml.exe |
"{48BE3D1B-10D0-4F95-9029-816298DBA004}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\presto! page manager 9\licensecheck.exe |
"{48E2B9D7-A9C9-4C48-8F0E-2EA5F1116E5D}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{4C1E2D5E-DFA5-4ACC-B153-7B7D19D22F6E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CC011FD-53B7-4352-AB55-59FF367FC91D}" = protocol=17 | dir=in | app=d:\programme exil\blur\blur.exe |
"{4F14E357-B789-422D-BEC7-611BFB543EFF}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\skyrim\creationkit.exe |
"{528039D3-AD1F-48D1-9A91-F85E59DB20F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{551D501B-6E2F-4867-B405-73996E93AA15}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{6181201F-8A41-4D9D-AF08-032DAAE90387}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{6D08F104-A34A-4F20-954A-997CDB8B4A70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D51CF3E-A59A-4307-B831-A9D06FE6B133}" = protocol=17 | dir=in | app=d:\programme exil\origin games\battlefield 3\bf3.exe |
"{734631E4-C713-4F3B-9D4F-59034CABE2DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74F79756-DFB9-483C-A0C1-7078F590CA7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7ABAC72D-F3D1-4FD7-9D2B-36F728AD123B}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{7E675485-6BEC-4A0F-80A1-AECC6419E717}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{80180BE1-C52B-49AA-B775-80C1163A0FAF}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\portal 2\portal2.exe |
"{83F7914A-DAFA-4A69-8A56-AAF267D12452}" = protocol=17 | dir=in | app=d:\programme exil\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{8EE24DD3-EC86-4AC3-865F-13820780E3CE}" = protocol=6 | dir=in | app=d:\programme exil\origin games\battlefield 3\bf3.exe |
"{90FC1654-ACA5-4D79-AC39-1E438E77832D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{935B9D33-AA74-4A21-9433-1EB5FB849D25}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\trine\trine_launcher.exe |
"{974190EB-B0B2-4FBA-A676-55F0E00268EA}" = protocol=6 | dir=in | app=d:\programme exil\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{97538DD3-AF34-40C9-9B9A-2A6967CE7C09}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\dear esther\dearesther.exe |
"{9B886D68-1C75-4D65-BC12-CAB60772C45B}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\bastion\bastion.exe |
"{9F864B25-EFF5-4C75-A6C3-91CE326F3901}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{A2EB816D-8DB5-4479-9A2E-44FBB35629EC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A490C937-AC70-4FA4-8312-27271FDE65C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B1298705-60B1-4096-90F3-91FF5C038FC2}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{B84706CF-42FE-44BF-80C8-B21B250D6686}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{BA712448-95C5-48D8-8FB4-D5DA8EEB14D7}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{BE94C66A-F08F-45F3-A9B3-7CF8C3BA31B3}" = protocol=6 | dir=in | app=d:\programme exil\steam\steam.exe |
"{C5BDEA43-B3DE-4A73-8C2E-C8B77EF1DE54}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{CA5133BC-901B-42C5-AE1E-168B43AFEB35}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\skyrim\creationkit.exe |
"{D1643E59-4ADF-4D96-908D-685B665E177A}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{DB116321-6991-4D0A-AF95-C031E21D507F}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\dear esther\dearesther.exe |
"{E03803E0-4AC3-46BE-8B0C-20A4904C07DE}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\bastion\bastion.exe |
"{E5913C30-7C71-4426-90D0-4F5C6B22C3CD}" = protocol=17 | dir=in | app=d:\programme exil\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{E5B423F5-C762-4B19-9B6B-9E3A6B5FC084}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\batman2\runlauncher.bat |
"{F07E41A0-4EFE-42AD-BF13-937FAB66E5E2}" = protocol=6 | dir=in | app=d:\programme exil\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{F4F25840-761F-46C6-B5F7-F198091046E2}" = protocol=6 | dir=in | app=c:\users\sz\appdata\roaming\dropbox\bin\dropbox.exe |
"{FE2257CC-E209-45F6-95AF-343F4187FAFE}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sn1" = Logitech Scroll App 3.0
"SolarApp" = Logitech Solar App 1.0
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF7536-446D-4F5A-8920-B4E885E4581B}" = Presto! PageManager 9.00.11 SE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45C5C113-AD43-414B-867D-7C0AF54276CB}" = Duden-Rechtschreibprüfung PLUS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C9ACC9D-E704-FAEE-6322-BC8F45769DA5}" = Sigma Data Center 2.1
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0C0A-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Spanish) 2010
"{90140000-0017-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{F26F86C8-AC71-413C-B432-CD0007FD9C33}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.OMUI.es-es_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.es-es_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.es-es_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.OMUI.es-es_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.OMUI.es-es_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.OMUI.es-es_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0C0A-1000-0000000FF1CE}_Office14.OMUI.es-es_{ED7E1546-A5BC-407C-8321-94D6DAF9B5A7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{DBE2E9A2-A47F-42A9-A1CF-3B6665A9714A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{7FF53332-4A24-4F40-946E-C58B6326063C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{AA321CAB-5896-46B1-B18E-3EE82C88ABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0C0A-0000-0000000FF1CE}" = Microsoft Office O MUI (Spanish) 2010
"{90140000-0100-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{59DDF6A6-FD7E-4A78-968A-0FDBACB8B91C}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0C0A-0000-0000000FF1CE}" = Microsoft Office X MUI (Spanish) 2010
"{90140000-0101-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{4EB53E7C-9760-4670-AEF4-797A479CC67B}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Battlelog Web Plugins" = Battlelog Web Plugins
"EPSON BX525WD Series Manual" = EPSON BX525WD Series Handbuch
"EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MiniLyrics" = Minilyrics
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.es-es" = Microsoft Office Language Pack 2010 - Spanish/Español
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SigmaDataCenter21.6A52D17A1C86211F195F60E94C15876515EBE62C.1" = Sigma Data Center 2.1
"StarCraft II" = StarCraft II
"Steam App 107100" = Bastion
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 202480" = Creation Kit
"Steam App 203810" = Dear Esther
"Steam App 207610" = The Walking Dead
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 35700" = Trine
"Steam App 39160" = Dungeon Siege III
"Steam App 400" = Portal
"Steam App 550" = Left 4 Dead 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-954386229-1821757164-4254480043-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.03.2012 07:32:20 | Computer Name = PANDORA | Source = VSS | ID = 12298
Description =
Error - 27.03.2012 10:18:59 | Computer Name = PANDORA | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 28.03.2012 08:28:38 | Computer Name = PANDORA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6109.5005,
Zeitstempel: 0x4e79b881 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676,
Zeitstempel: 0x4e58702a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004974 ID des fehlerhaften
Prozesses: 0x119c Startzeit der fehlerhaften Anwendung: 0x01cd0cddb66b1352 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\OLEAUT32.dll Berichtskennung: 8b64795e-78d1-11e1-9c14-f46d04507ac6
Error - 13.04.2012 07:33:16 | Computer Name = PANDORA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6109.5005,
Zeitstempel: 0x4e79b881 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften
Prozesses: 0xcac Startzeit der fehlerhaften Anwendung: 0x01cd196833c03477 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 75ba87fc-855c-11e1-a0dd-f46d04507ac6
Error - 13.04.2012 08:03:00 | Computer Name = PANDORA | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1065.11,
Zeitstempel: 0x4d9b89de Name des fehlerhaften Moduls: Steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4f442e99 Ausnahmecode: 0xc0000005 Fehleroffset: 0x301ec66a
ID
des fehlerhaften Prozesses: 0xf24 Startzeit der fehlerhaften Anwendung: 0x01cd196c608f00fb
Pfad
der fehlerhaften Anwendung: D:\Programme Exil\Steam\Steam.exe Pfad des fehlerhaften
Moduls: Steam.dll Berichtskennung: 9d2ded37-8560-11e1-bb9e-00268316364d
Error - 13.04.2012 09:48:59 | Computer Name = PANDORA | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 14.04.2012 14:16:52 | Computer Name = PANDORA | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 18.04.2012 12:18:55 | Computer Name = PANDORA | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 20.04.2012 13:12:58 | Computer Name = PANDORA | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 24.04.2012 12:28:32 | Computer Name = PANDORA | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
[ System Events ]
Error - 02.08.2012 06:02:31 | Computer Name = PANDORA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 02.08.2012 09:42:13 | Computer Name = PANDORA | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{C906D556-77C6-4BD7-A782-60C3C47392C4} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 02.08.2012 09:42:13 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:42:13 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:43:48 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:48:18 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:48:25 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:50:25 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:54:52 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 02.08.2012 09:55:41 | Computer Name = PANDORA | Source = NetBT | ID = 4321
Description = Der Name "PANDORA :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.100 registriert werden. Der Computer mit IP-Adresse 192.168.0.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
--- --- ---
Habe zwischenzeitlich noch mal MBAM aktualisiert und durchlaufen lassen. Hat diesmal drei infizierte Dateien gefunden. Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.02.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SZ :: PANDORA [Administrator]
02.08.2012 15:43:19
mbam-log-2012-08-02 (15-43-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476849
Laufzeit: 37 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Users\SZ\AppData\Local\Temp\deo0_sar.exe (Trojan.FakeMS) -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\SZ\AppData\Local\Temp\deo0_sar.exe (Trojan.FakeMS) -> Löschen bei Neustart.
C:\Users\SZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
| |
