Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Extremer Fall - Keine Rückmeldung Mozilla-dauerhaftes hängen (https://www.trojaner-board.de/123469-extremer-fall-keine-rueckmeldung-mozilla-dauerhaftes-haengen.html)

cigar 04.09.2012 12:41
Extremer Fall - Keine Rückmeldung Mozilla-dauerhaftes hängen
 
Hallo Gemeinde,

folgendes Problem: seit kurzer Zeit habe ich mit meinem Laptop mehrere Probleme- zum einen egal ob im Internet oder auch nicht immer hängt es - über mozilla muss ich minuten lang warten bis das fenster wieder normal wird und ich im netz surfen kann.

rechter mausklick und ich warte minuten bis die funktionen sichtbar sind - oder ich ein film über vlc gucken möchte läuft es ne minute und dann freeeeeezzzzz. zum kotzen ist das


folgendes noch gerade als ich den can durchgeführt habe .... hängt ds programm und dann läufts weiter es hängt wieder und läuft weiter mindestens 10 mal die ganze zeit

EXTRA.TXT

OTL Logfile:
Code:
OTL Extras logfile created on: 04.09.2012 13:21:00 - Run 1
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,49% Memory free
7,08 Gb Paging File | 5,28 Gb Available in Paging File | 74,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 2,91 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
 
Computer Name:  | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B9D13A-3E8D-49C9-A0FE-4F3A769437C9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{04E3466B-FAA5-47CC-AC24-21F364312A4F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0CEEEE56-7789-4ECA-A70D-1D82AF0FB7B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D66A41C-64A4-4BE7-A0E4-425E8EE0E11B}" = rport=137 | protocol=17 | dir=out | app=system |
"{18CAAEDE-B163-42D4-8191-53A5B3AC43A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18FD288C-F231-435C-B32E-B75FD09691B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{1A650A7A-EEDB-4DC9-A852-4A177FC703C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22FBF68A-ACB2-4AAD-89BB-DC37757FEDDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C9827D5-54DF-444D-AD76-14770D7D8C0C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{42826F1C-6F97-46B9-9A9F-EC7B900ECF74}" = lport=137 | protocol=17 | dir=in | app=system |
"{44725AFD-574D-4A3C-9300-70398586B003}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{52F1BBCC-9FC1-4218-8CD5-5031792CD649}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E6EA804-6888-4360-83B0-382F0E5F5B7E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{62CED3D0-3547-4026-B4D6-26D42A70CB23}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{75B665F1-984E-4718-9B16-7EDB4EC188D0}" = rport=445 | protocol=6 | dir=out | app=system |
"{7612C115-51B4-4AF1-96E9-FA046BDCA121}" = lport=138 | protocol=17 | dir=in | app=system |
"{77334FC4-9F32-49B2-842D-61DAE06A2FDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88883800-23CA-4732-9AB3-E5A065EEDD61}" = rport=2869 | protocol=6 | dir=out | app=system |
"{947362BD-2D49-43FD-A921-3CF364EDB386}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A0F036A1-7F50-4757-8E69-3A938AFD4E82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A28054FE-A3E6-4E24-8D46-073685E58412}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A2D58611-7ACF-42DD-8495-C721A4D1FDBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A35D2D13-A785-43F1-95BD-1BAD4827CF57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC2B519E-95B6-4F1B-A88B-06971DB22331}" = lport=445 | protocol=6 | dir=in | app=system |
"{AFB73EE2-3E57-4378-8999-7B5B15B77140}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0FC6DEE-8CB3-4E72-8A92-52921F120B76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9575711-A832-4DAF-850A-271A28966695}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD2760C6-A831-4AC2-8E52-0C778A8C9C7B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1FCD64B-61B1-46AF-8AFB-D19725F89C4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C83389F8-5AC0-441B-8267-9580BDCF61E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C9D4213A-9B26-4BB7-8664-CD60E8A70021}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB2A3C92-1E5F-46B1-B4CA-58860DEC4060}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DB339CEE-E8B3-47A7-AFA7-DB822C147A6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DC277E6F-915D-422F-B9BA-F4B5389A1D47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDC55461-7C23-40F2-8168-B5909B8ACE8B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8A985CB-A3F5-43F0-8CFA-769BB27101DB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E9853F00-0234-48AC-A746-C15CE4BDE55D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3E84D0A-FE63-4C07-A65C-BCB565AAE3EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4C5F265-A931-4414-A53C-868EF8D9A56F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7DC4721-0FFF-4461-A160-50C7249A4535}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9F10FF0-0500-4E93-90A3-3E91446D6E8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03895FC3-06C6-4003-8BC4-7B7D81CAFB48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11B0B25B-5403-42C5-B7E9-DA1EE510A6E6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{15851655-313E-48BE-B870-94690A9227FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17C875FC-0682-4C2B-B18E-BE607C5ABD6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{440326BD-A54A-4C73-8B10-F026F8F077C8}" = protocol=6 | dir=out | app=system |
"{608CBA4E-5C34-407C-8ECE-178451E00379}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72142363-662F-4553-B4EC-5B8F437380FC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77B995CE-08EE-4651-A398-878036FAE181}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83EE9C15-D861-4248-8AD0-0F80B3FA27B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84952A57-4AE3-4753-9C08-53130717D326}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A77D9CA-FE8D-4D6F-80CC-8BCE44A845F1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8CD60C77-8247-4CDC-B083-A9BC873EB81F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8E45A903-965E-41DF-9DD6-7E70EE77A19C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{90948412-4738-4595-AA05-C927FAD3711B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{973901FA-6087-47F3-87E0-9926C3139891}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{98397D2D-E3D6-4C04-B4F1-3F3819A3260B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AB98CD9-C551-4ED8-B47A-2B2701576855}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A26A70C8-8917-43DB-BD20-7335595B219D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A75E2539-A834-484E-8A50-F054CEF0EB5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8F487FC-CBA7-442F-B939-7F55D69D5156}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B740925F-2EDC-4B9C-9600-1CDB252C6CF2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C9E7E159-0CB3-4ED1-9993-323B9464AD6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBA198EF-B62B-47E4-A184-042D1E8DCABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF483B3A-7780-4985-BDC0-D05F7E9D813C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D019C53D-0B8F-4EBA-9229-EDA549F3787B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E40C3956-A552-4755-A1BB-994BEB27AE27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E44AF022-6D8C-4BF5-99F0-3E77FE927D4C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB2BC4E0-8CED-4A65-829E-95C23972EF0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB518AB9-CAD5-4047-BA21-3BA9F1C94AD6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F1460D3B-EFA7-4B2B-9760-AAC2EC8A11F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F97FAC16-9C46-42FE-962B-C6B89FCC5F18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FDA046E1-E2AE-44AE-9EA2-EF1649E5D37B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{096F933E-5CAF-4C4A-B0BB-4D9C1953B16A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{2B7BC090-98D8-4E81-A62A-626D4A952855}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{4C87EB22-A8ED-497F-AA7F-ED4FC17DBDED}C:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe |
"TCP Query User{5B6A0386-32C3-43CD-AFD1-1FE4497AB58B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8D8AB52A-7909-41AE-A74A-63D7D29746CC}C:\program files (x86)\flashfxp\flashfxp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashfxp\flashfxp.exe |
"TCP Query User{C03B30CE-DD99-4658-9A64-7FC7C671E9B1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{F6EDB7EB-D60B-475D-8495-CC53446CC04C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{FC73FA0C-D93E-4D40-AB34-C8A0E7F7771D}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{129FD362-0636-4DAD-9459-C6C275EDF533}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{233CF28D-B8FD-465B-90A9-4D12A427999A}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{2DEAB494-0FBE-4CE1-84F5-B360044251ED}C:\program files (x86)\flashfxp\flashfxp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashfxp\flashfxp.exe |
"UDP Query User{4E56A6B6-6A41-4EEA-B060-EBBBB96BDB06}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7B6F710D-A835-4A84-8F06-7869A7D8FE32}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{B1553F09-B471-4971-8C5A-3FD51341018A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C8675CE5-6F15-43A9-BFE1-3BB0940961FD}C:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{E99B18E3-EAAC-40DA-91F0-E1BA6FD23F3B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA64B79-30A1-F52E-D801-B07CF05FFFAF}" = ccc-utility64
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}" = ATI Catalyst Install Manager
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016095EE-5BB3-791C-A558-06412FF78691}" = CCC Help Russian
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CEC2F82-AEB2-4C4B-B450-62C6CEF159FE}_is1" = Age of Empires 2 & The Conquerors v1.1 Userpatch AiO version 0.2
"{10F4A085-EA81-594B-C0B8-ADF013D26B8E}" = CCC Help Turkish
"{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update
"{1942E836-414C-4414-672B-93FCC8CC18AB}" = CCC Help Danish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{284AE43C-30E4-B57E-A234-05496D05AB68}" = Catalyst Control Center Graphics Previews Vista
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{32354BAB-8BAE-7189-6E3F-922D47292D3D}" = CCC Help Czech
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{5735A865-CD31-5788-DA38-AAB06EAED9F4}" = CCC Help Hungarian
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5901E428-EC91-71EE-BA56-9417E40BE182}" = ccc-core-static
"{60AA5155-39C7-14AA-FB4B-489B1C8DE9A1}" = CCC Help Chinese Traditional
"{62D1C755-74C9-4BA0-841B-B7D795DEA9C7}" = Video Web Camera
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72449E65-4852-2FD9-F603-D77E39DD3CF6}" = CCC Help Finnish
"{7703542C-3842-C5EE-2452-B006F441A162}" = CCC Help Polish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F529418-344D-3792-F7B6-04EB805F5931}" = CCC Help English
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91F29ED6-6C82-F83D-BF8D-3E67D18E7249}" = Catalyst Control Center Localization All
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{990EEE1A-4D64-16AF-A944-AD97AE080D26}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A98031B-0A1A-AFDC-87F4-AAFDC1E97B7D}" = CCC Help Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.8.974
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEAA9D8A-A347-0FC4-5CAF-D9F2236FCF49}" = CCC Help French
"{AEB43F42-8F9D-DBD8-0B11-941CC27C174A}" = CCC Help Norwegian
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2EE73BE-CD73-6EC9-A5A0-0E080A60A00E}" = CCC Help Chinese Standard
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCF4223-BC7B-110C-4E19-5FF025721C4B}" = CCC Help Spanish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17D581A-6949-6A53-7A18-E80C6BDCC800}" = CCC Help Italian
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96D1A04-B0B4-0788-D70F-0A9BB9C503BD}" = CCC Help Korean
"{EB5E21BC-AC56-A45D-5593-A1C55A380677}" = CCC Help Swedish
"{ECEDC447-3EED-6F90-CB39-0A49BD2D63DE}" = CCC Help Thai
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EF45FBBD-3CE8-698B-AC44-C693468F53D3}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47BEA79-07F3-5602-76B4-B9B9042269A1}" = Catalyst Control Center InstallProxy
"{F73D3B6A-4E5F-E93D-C7C3-65DE80BEE0E7}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D7691A-E3CD-EF15-DE38-EDF0BB1E345F}" = CCC Help Japanese
"{FAE5B434-5222-4C81-BEEE-74A380D1EA6C}" = Badoo Desktop
"1489-3350-5074-6281" = JDownloader 0.9
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Freelancer 1.0" = Freelancer
"Identity Card" = Identity Card
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.09.2012 01:51:54 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2012 01:51:54 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3089
 
Error - 04.09.2012 01:51:54 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3089
 
Error - 04.09.2012 03:35:16 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2012 03:35:16 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6204847
 
Error - 04.09.2012 03:35:16 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6204847
 
Error - 04.09.2012 03:35:21 | Computer Name = kingyb-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 04.09.2012 05:14:07 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.09.2012 05:14:07 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 04.09.2012 05:14:07 | Computer Name = KINGYB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
[ Media Center Events ]
Error - 05.09.2011 16:25:04 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 22:25:04 - Fehler beim Herstellen der Internetverbindung.  22:25:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.09.2011 17:40:33 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 23:40:33 - Fehler beim Herstellen der Internetverbindung.  23:40:33
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.09.2011 02:03:11 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 08:03:11 - Fehler beim Herstellen der Internetverbindung.  08:03:11
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 06.09.2011 22:29:46 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 04:29:46 - Fehler beim Herstellen der Internetverbindung.  04:29:46
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 08.09.2011 17:49:50 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 23:49:50 - Fehler beim Herstellen der Internetverbindung.  23:49:50
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 08.09.2011 20:40:55 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 02:40:55 - Fehler beim Herstellen der Internetverbindung.  02:40:55
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.09.2011 01:06:30 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 07:06:30 - Fehler beim Herstellen der Internetverbindung.  07:06:30
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.09.2011 22:29:50 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 04:29:50 - Fehler beim Herstellen der Internetverbindung.  04:29:50
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 24.09.2011 02:40:05 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 08:40:05 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') 
 
Error - 29.10.2011 18:56:13 | Computer Name = kingyb-PC | Source = MCUpdate | ID = 0
Description = 00:56:13 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten) 
 
[ System Events ]
Error - 03.09.2012 19:24:58 | Computer Name = kingyb-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?09.?2012 um 01:24:00 unerwartet heruntergefahren.
 
Error - 03.09.2012 19:24:50 | Computer Name = kingyb-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\FNETDEVI.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.09.2012 19:26:20 | Computer Name = kingyb-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  FNETDEVI
 
Error - 03.09.2012 19:26:41 | Computer Name = kingyb-PC | Source = ipnathlp | ID = 34001
Description =
 
Error - 03.09.2012 19:26:41 | Computer Name = kingyb-PC | Source = ipnathlp | ID = 30013
Description =
 
Error - 03.09.2012 19:32:00 | Computer Name = kingyb-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 04.09.2012 01:18:19 | Computer Name = kingyb-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.09.2012 01:29:25 | Computer Name = kingyb-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 04.09.2012 05:35:55 | Computer Name = kingyb-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 04.09.2012 07:09:56 | Computer Name = kingyb-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
 
< End of report >
--- --- ---



OTL.TXT


OTL Logfile:
Code:
OTL logfile created on: 04.09.2012 13:21:00 - Run 1
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,49% Memory free
7,08 Gb Paging File | 5,28 Gb Available in Paging File | 74,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 2,91 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
 
Computer Name:  | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 13:15:05 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\kingyb\Downloads\OTL.exe
PRC - [2012.08.29 23:37:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.15 00:44:10 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012.08.08 21:48:29 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.07.09 13:43:22 | 001,061,008 | ---- | M] (Badoo) -- C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
PRC - [2012.05.08 19:31:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:31:12 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 19:31:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2010.06.22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 08:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 08:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.03 08:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.03 08:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.29 23:37:00 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.15 00:44:10 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012.06.15 10:17:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 10:17:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 10:21:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012.05.12 01:39:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 01:39:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 01:39:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 01:39:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 01:39:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 01:38:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.01.01 11:14:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.05.27 06:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.29 23:37:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 00:44:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.05.08 19:31:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:31:12 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 19:31:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.07.26 04:17:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.03 08:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.02.03 08:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:31:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:31:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.25 17:54:34 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.10 06:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.06.08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.05.27 07:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 06:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.22 11:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.05.04 19:34:39 | 000,019,572 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FNETDEVI.SYS -- (FNETDEVI)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102869&gct=hp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE429
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE429
IE - HKCU\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKCU\..\SearchScopes\{B96040EF-CBF0-428D-803C-30E9A1D188D3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=6d54bdbc-1b32-4340-81c9-a5d546d64ae8&apn_sauid=ADB27876-EEF0-4B41-B4E5-2888E54F2803
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012.01.14 19:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 23:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.01 12:35:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 23:37:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.01 12:35:26 | 000,000,000 | ---D | M]
 
[2011.04.30 19:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingyb\AppData\Roaming\mozilla\Extensions
[2012.05.06 21:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions
[2011.12.21 23:33:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.09 10:05:16 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions\toolbar@ask.com
[2011.08.31 18:02:51 | 000,002,400 | ---- | M] () -- C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\askcom.xml
[2011.07.20 19:36:49 | 000,002,023 | ---- | M] () -- C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\badoo.xml
[2012.07.01 12:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.01 12:35:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.29 23:37:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.19 10:11:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 23:37:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 10:11:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 10:11:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 10:11:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 10:11:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe (Badoo)
O4 - Startup: C:\Users\kingyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk = C:\Program Files (x86)\VDownloader\VDownloader.exe (Vitzo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\kingyb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\kingyb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC70AA39-B096-4A09-B7A9-0C4CA7614530}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE6364B-2EEE-48CD-9479-3E2AE8299399}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 01:09:11 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{0B1F9427-0769-4232-9A8D-F0A850D4C297}
[2012.09.03 10:41:53 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{9C3DC78A-1028-4F02-9D72-F910D9FCC2D6}
[2012.09.02 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{9BD5D80D-BB79-4D36-87A3-D6265E2C81DB}
[2012.09.01 19:58:20 | 000,000,000 | ---D | C] -- C:\Users\kingyb\Desktop\Neuer Ordner
[2012.09.01 17:55:39 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{05793FB1-058A-4D10-9C74-72DD7D82D86D}
[2012.08.31 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{F5D55741-3175-4979-914E-0344F0068BF8}
[2012.08.30 07:32:19 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{7B8374C7-7F79-4BC7-B98A-6FBD26DEAC7C}
[2012.08.29 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{CC32F6B8-A9AA-4BF4-B279-04CA99E0A1EE}
[2012.08.28 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{8B66542F-CF5C-4890-B2B5-8CF28590028C}
[2012.08.27 20:13:51 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{D3E5CD43-11C8-443F-BF34-9E32E045277B}
[2012.08.25 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{340E0F49-84E1-4D3C-BC95-61CBCE36D242}
[2012.08.25 08:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.08.24 19:15:52 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{C936CAE5-68F1-4D2D-8AAC-4F3D2EF9321C}
[2012.08.24 07:04:22 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{41DF711E-A453-45BE-A9FD-73A07563AA74}
[2012.08.23 20:55:35 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\adaware
[2012.08.23 20:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.08.23 20:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.08.23 20:55:28 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.08.23 20:55:27 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012.08.23 20:55:27 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.08.23 20:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.08.23 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.08.23 20:55:16 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\Downloaded Installations
[2012.08.23 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Roaming\Ad-Aware Antivirus
[2012.08.23 17:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.23 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.23 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.08.23 17:01:34 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{DE3C4C0B-D42C-4594-8EB0-F5F43A3D9E52}
[2012.08.22 14:26:10 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{5C3A1B78-58D3-4F0C-8072-AA78A791DB59}
[2012.08.21 15:24:16 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{11DFCAF6-7333-4D7A-BF36-59348CA95B0A}
[2012.08.20 09:27:50 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{800F39FD-AC98-4428-9212-B37F174DFCEC}
[2012.08.19 09:16:13 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{49F31C1A-06D5-4F62-A317-F82FC7BA01F9}
[2012.08.17 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{3682CD1C-ADEA-452B-9F71-28EA7E4B2703}
[2012.08.17 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{79C8B22B-3041-4A6A-9AE4-337147456EA2}
[2012.08.16 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{C98A33F5-A86E-42D2-BCE6-2EAC3113E941}
[2012.08.16 15:48:16 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{86CD96EE-D50C-44AC-A082-4620219923B4}
[2012.08.15 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{D85D0BA5-9678-4E83-A60D-D7304996D85B}
[2012.08.15 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{DBE29C69-19AE-4DAC-8A4F-F9E54223256D}
[2012.08.14 06:45:34 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{351B50DD-E12B-46C4-BBFF-42C4F6FBF8FC}
[2012.08.14 06:42:49 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{CB0CF70D-B901-424F-BAFE-CB6E7674EA62}
[2012.08.13 14:56:35 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{42872216-8602-4141-A03A-49E044819686}
[2012.08.11 16:47:36 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{8C1725A6-41FF-4600-B338-ED879277A4C1}
[2012.08.11 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{CB3F8FE1-4376-48B8-A81F-6921578B89B6}
[2012.08.11 10:30:01 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{6E6DE049-B880-4F52-9BB1-B3F23EB362EB}
[2012.08.10 17:09:30 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{A68F6717-501B-42A9-8342-B0E78F91F128}
[2012.08.10 17:09:19 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{4430932A-4B45-41F7-B208-97C9379CCA8C}
[2012.08.09 06:30:05 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{A38AA295-BC58-469F-B711-95951508D280}
[2012.08.09 06:29:53 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{66BA6331-8E18-4F63-855A-2DEE678451D8}
[2012.08.08 15:15:32 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{9C9DD9D0-AE2F-458B-977F-DF7E284C5A90}
[2012.08.08 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{1E6BA99B-8116-4262-B672-078D7EEC18C8}
[2012.08.07 17:33:20 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{5CD3D46E-47C3-4552-A8D2-037738F13D12}
[2012.08.07 07:27:17 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{4A55BDFB-D327-4E84-A4BB-A36409AEFEB4}
[2012.08.06 15:32:09 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{D5921988-9B3A-4247-9DAC-2C56708DD4AE}
[2012.08.06 15:31:58 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{1464115C-3B2A-4BAF-96CF-AFB03569E33A}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 13:14:06 | 000,000,168 | ---- | M] () -- C:\Users\kingyb\defogger_reenable
[2012.09.04 13:06:46 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.04 12:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 11:35:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 10:06:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.04 01:34:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 01:34:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 01:25:45 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.09.04 01:24:50 | 3113,336,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.02 12:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012.08.31 07:14:22 | 000,002,452 | ---- | M] () -- C:\Windows\SysWow64\APConfig.xml
[2012.08.31 07:14:22 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012.08.26 13:34:32 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012.08.23 17:27:38 | 000,000,124 | ---- | M] () -- C:\Windows\wininit.ini
[2012.08.23 17:11:45 | 000,001,227 | ---- | M] () -- C:\Users\kingyb\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 00:17:07 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.18 00:17:07 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.18 00:17:07 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.18 00:17:07 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.18 00:17:07 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.16 15:41:22 | 000,283,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.04 13:14:06 | 000,000,168 | ---- | C] () -- C:\Users\kingyb\defogger_reenable
[2012.09.02 12:00:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012.08.31 07:14:22 | 000,002,452 | ---- | C] () -- C:\Windows\SysWow64\APConfig.xml
[2012.08.31 07:14:22 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012.08.26 13:34:32 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012.08.23 20:55:29 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.08.23 17:27:38 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.23 17:11:45 | 000,001,227 | ---- | C] () -- C:\Users\kingyb\Desktop\Spybot - Search & Destroy.lnk
[2012.01.14 19:03:29 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2012.01.02 20:10:02 | 001,527,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.02 12:31:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.30 19:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2012.08.23 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\Ad-Aware Antivirus
[2012.07.21 07:24:02 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\Camfrog
[2011.09.25 17:56:22 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\DAEMON Tools Lite
[2011.06.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\DAEMON Tools Pro
[2011.12.21 23:33:11 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\DVDVideoSoft
[2011.12.21 23:33:03 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.30 20:13:30 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\FlashFXP
[2011.09.05 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\FloodLightGames
[2011.08.14 16:06:58 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\Liteon
[2012.08.18 11:46:07 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\ManyCam
[2012.01.03 10:58:15 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\SoftGrid Client
[2012.01.02 20:10:58 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\TP
[2012.01.16 20:31:55 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\VDownloader
[2012.06.28 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\Windows Live Writer
[2012.07.10 19:44:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---



bitte um eure hilfe

t'john 04.09.2012 20:54
:hallo:

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=102869&gct=hp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE429
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE429
IE - HKCU\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKCU\..\SearchScopes\{B96040EF-CBF0-428D-803C-30E9A1D188D3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=6d54bdbc-1b32-4340-81c9-a5d546d64ae8&apn_sauid=ADB27876-EEF0-4B41-B4E5-2888E54F2803
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - Startup: C:\Users\kingyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk = C:\Program Files (x86)\VDownloader\VDownloader.exe (Vitzo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1

[2011.11.09 10:05:16 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions\toolbar@ask.com
[2011.08.31 18:02:51 | 000,002,400 | ---- | M] () -- C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\askcom.xml
[2011.07.20 19:36:49 | 000,002,023 | ---- | M] () -- C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\badoo.xml
[2012.06.19 10:11:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 10:11:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 10:11:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 10:11:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 10:11:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[2012.01.02 20:10:58 | 000,000,000 | ---D | M] -- C:\Users\kingyb\AppData\Roaming\TP
[2011.05.02 12:31:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files

C:\Users\\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\\AppData\Local\Temp\*.exe
C:\Users\\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

cigar 05.09.2012 08:07
morgen t john erstmal vielen dank für deine antwort und mühe

habe folgendes problem

bei OTL habe ich jetzt nach dem öffnen unten in das feld bei benutzer definiertes scans und fixes folgendes eingefügt:

Zitat:
C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\askcom.xml

und als log datei wird das hier bei mir angezeigt

Error: Unable to interpret <C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\askcom.xml> in the current context!

OTL by OldTimer - Version 3.2.60.0 log created on 09052012_090622

ist das den so korrekt ???

t'john 06.09.2012 00:37
Achte darauf, dass du den Fix richtig und vollstaendig kopierst.
Der Fix faengt mit :OTL an!

cigar 06.09.2012 11:32
also MALWAREBYTES geht nicht es bleibt wiedermal hängen ( keine RÜCKMELDUNG) OTL geht jetzt auch einmal auch nicht ... ich werde laptop nochmal runterfahren und hochfahren und OTL und MALWAREBytes erneut versuchen


ADWcleaner hat funktioniert hier die LOGS


ADWCLEANER

Zitat:
# AdwCleaner v2.000 - Datei am 09/06/2012 um 12:27:44 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : kingyb - KINGYB-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\kingyb\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\kingyb\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\kingyb\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\prefs.js

Gefunden : user_pref("extensions.asktb.AviraIDW-TS", "1319741876185");
Gefunden : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.cbid", "JM");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.crumb", "2011.10.23+10.03.22-toolbar005iad-DE-Q29sb2duZSxHZXJtYW55");
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gefunden : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "9548c222-0222-4d78-9999-8268031d0adc");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1320857720506");
Gefunden : user_pref("extensions.asktb.last-v", "3.12.5.100006");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.location", "Cologne,Germany");
Gefunden : user_pref("extensions.asktb.notification-shown", true);
Gefunden : user_pref("extensions.asktb.o", "100000080");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "NO");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.facemoods._xpiupdate", true);
Gefunden : user_pref("extensions.facemoods.aflt", "_#wbst");
Gefunden : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Gefunden : user_pref("extensions.facemoods.firstRun", false);
Gefunden : user_pref("extensions.facemoods.first_time", false);
Gefunden : user_pref("extensions.facemoods.id", "_#e294063920da4ae3bf9e4948b84dd19d");
Gefunden : user_pref("extensions.facemoods.instlDay", "_#15239");
Gefunden : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Gefunden : user_pref("extensions.facemoods.sid", "_#e294063920da4ae3bf9e4948b84dd19d");
Gefunden : user_pref("extensions.facemoods.update", "_#v1.4.0");
Gefunden : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\kingyb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [7151 octets] - [06/09/2012 12:27:46]

########## EOF - C:\AdwCleaner[R1].txt - [7211 octets] ##########
otl hat nach neu hoch fahren funktioniert aber währen dem scan immer ab und zu keine rückmeldung ...



OTL Logfile:
Code:
OTL logfile created on: 06.09.2012 13:00:01 - Run 3
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\kingyb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 64,56% Memory free
7,73 Gb Paging File | 6,13 Gb Available in Paging File | 79,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 5,34 Gb Free Space | 1,18% Space Free | Partition Type: NTFS
 
Computer Name: KINGYB-PC | User Name: kingyb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 13:15:05 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\kingyb\Desktop\OTL.exe
PRC - [2012.08.08 21:48:29 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.07.12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.08 19:31:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:31:12 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 19:31:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.06.22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 08:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 08:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.03 08:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.03 08:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 10:17:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 10:17:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 10:21:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012.05.12 01:39:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 01:39:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 01:39:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 01:39:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 01:39:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 01:38:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.01.01 11:14:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.05.27 06:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.29 23:37:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 00:44:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 19:31:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:31:12 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 19:31:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.07.26 04:17:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.03 08:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.02.03 08:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 19:31:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:31:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.10 06:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.06.08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.05.27 07:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 06:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.22 11:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.05.04 19:34:39 | 000,019,572 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FNETDEVI.SYS -- (FNETDEVI)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme732g&r=273604114706l0413z185r47j1t218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 23:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.01 12:35:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.29 23:37:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.01 12:35:26 | 000,000,000 | ---D | M]
 
[2011.04.30 19:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingyb\AppData\Roaming\mozilla\Extensions
[2012.09.05 17:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions
[2011.12.21 23:33:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.04 21:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.29 23:37:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.08.29 23:37:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe (Badoo)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\kingyb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\kingyb\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC70AA39-B096-4A09-B7A9-0C4CA7614530}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE6364B-2EEE-48CD-9479-3E2AE8299399}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 12:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.06 12:03:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 12:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.06 11:59:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\kingyb\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.06 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{A2F5E591-9B49-4EB4-A954-83195DBB2190}
[2012.09.05 18:07:59 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{AEC8F5D8-9F07-45CF-A436-EE34C1A27F60}
[2012.09.04 21:13:40 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{3B71D1FD-8227-431A-87CB-BEDBACCA47F9}
[2012.09.04 18:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.09.04 18:12:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.04 16:26:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.04 13:15:05 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\kingyb\Desktop\OTL.exe
[2012.09.04 01:09:11 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{0B1F9427-0769-4232-9A8D-F0A850D4C297}
[2012.09.03 10:41:53 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{9C3DC78A-1028-4F02-9D72-F910D9FCC2D6}
[2012.09.02 18:57:07 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{9BD5D80D-BB79-4D36-87A3-D6265E2C81DB}
[2012.09.01 19:58:20 | 000,000,000 | ---D | C] -- C:\Users\kingyb\Desktop\Neuer Ordner
[2012.09.01 17:55:39 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{05793FB1-058A-4D10-9C74-72DD7D82D86D}
[2012.08.31 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{F5D55741-3175-4979-914E-0344F0068BF8}
[2012.08.30 07:32:19 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{7B8374C7-7F79-4BC7-B98A-6FBD26DEAC7C}
[2012.08.29 10:35:58 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{CC32F6B8-A9AA-4BF4-B279-04CA99E0A1EE}
[2012.08.28 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{8B66542F-CF5C-4890-B2B5-8CF28590028C}
[2012.08.27 20:13:51 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{D3E5CD43-11C8-443F-BF34-9E32E045277B}
[2012.08.25 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{340E0F49-84E1-4D3C-BC95-61CBCE36D242}
[2012.08.25 08:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.08.24 19:15:52 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{C936CAE5-68F1-4D2D-8AAC-4F3D2EF9321C}
[2012.08.24 07:04:22 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{41DF711E-A453-45BE-A9FD-73A07563AA74}
[2012.08.23 20:55:35 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\adaware
[2012.08.23 20:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.08.23 20:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.08.23 20:55:28 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.08.23 20:55:27 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012.08.23 20:55:27 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.08.23 20:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.08.23 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.08.23 20:55:16 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\Downloaded Installations
[2012.08.23 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Roaming\Ad-Aware Antivirus
[2012.08.23 17:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.23 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.23 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.08.23 17:01:34 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{DE3C4C0B-D42C-4594-8EB0-F5F43A3D9E52}
[2012.08.22 14:26:10 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{5C3A1B78-58D3-4F0C-8072-AA78A791DB59}
[2012.08.21 15:24:16 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{11DFCAF6-7333-4D7A-BF36-59348CA95B0A}
[2012.08.20 09:27:50 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{800F39FD-AC98-4428-9212-B37F174DFCEC}
[2012.08.19 09:16:13 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{49F31C1A-06D5-4F62-A317-F82FC7BA01F9}
[2012.08.17 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{3682CD1C-ADEA-452B-9F71-28EA7E4B2703}
[2012.08.17 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{79C8B22B-3041-4A6A-9AE4-337147456EA2}
[2012.08.16 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{C98A33F5-A86E-42D2-BCE6-2EAC3113E941}
[2012.08.16 15:48:16 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{86CD96EE-D50C-44AC-A082-4620219923B4}
[2012.08.15 21:03:32 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 21:03:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 21:03:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 21:03:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 21:03:29 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 21:03:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 21:03:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 21:03:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 21:03:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 21:03:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 21:03:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 21:03:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 21:03:23 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 21:03:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 21:03:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 21:03:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 21:03:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 21:03:09 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.15 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{D85D0BA5-9678-4E83-A60D-D7304996D85B}
[2012.08.15 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{DBE29C69-19AE-4DAC-8A4F-F9E54223256D}
[2012.08.14 06:45:34 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{351B50DD-E12B-46C4-BBFF-42C4F6FBF8FC}
[2012.08.14 06:42:49 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{CB0CF70D-B901-424F-BAFE-CB6E7674EA62}
[2012.08.13 14:56:35 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{42872216-8602-4141-A03A-49E044819686}
[2012.08.11 16:47:36 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{8C1725A6-41FF-4600-B338-ED879277A4C1}
[2012.08.11 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{CB3F8FE1-4376-48B8-A81F-6921578B89B6}
[2012.08.11 10:30:01 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{6E6DE049-B880-4F52-9BB1-B3F23EB362EB}
[2012.08.10 17:09:30 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{A68F6717-501B-42A9-8342-B0E78F91F128}
[2012.08.10 17:09:19 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{4430932A-4B45-41F7-B208-97C9379CCA8C}
[2012.08.09 06:30:05 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{A38AA295-BC58-469F-B711-95951508D280}
[2012.08.09 06:29:53 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{66BA6331-8E18-4F63-855A-2DEE678451D8}
[2012.08.08 15:15:32 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{9C9DD9D0-AE2F-458B-977F-DF7E284C5A90}
[2012.08.08 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{1E6BA99B-8116-4262-B672-078D7EEC18C8}
[2012.08.07 17:33:20 | 000,000,000 | ---D | C] -- C:\Users\kingyb\AppData\Local\{5CD3D46E-47C3-4552-A8D2-037738F13D12}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 13:06:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 13:01:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 13:01:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 12:53:54 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.09.06 12:53:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 12:53:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 12:53:08 | 3113,336,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.06 12:25:25 | 000,511,265 | ---- | M] () -- C:\Users\kingyb\Desktop\adwcleaner.exe
[2012.09.06 12:03:44 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.06 12:00:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\kingyb\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.06 11:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 13:15:05 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\kingyb\Desktop\OTL.exe
[2012.09.04 13:14:06 | 000,000,168 | ---- | M] () -- C:\Users\kingyb\defogger_reenable
[2012.08.31 07:14:22 | 000,002,452 | ---- | M] () -- C:\Windows\SysWow64\APConfig.xml
[2012.08.31 07:14:22 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012.08.26 13:34:32 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012.08.23 17:27:38 | 000,000,124 | ---- | M] () -- C:\Windows\wininit.ini
[2012.08.23 17:11:45 | 000,001,227 | ---- | M] () -- C:\Users\kingyb\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 00:17:07 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.18 00:17:07 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.18 00:17:07 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.18 00:17:07 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.18 00:17:07 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.16 15:41:22 | 000,283,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 00:44:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 00:44:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.09.06 12:24:41 | 000,511,265 | ---- | C] () -- C:\Users\kingyb\Desktop\adwcleaner.exe
[2012.09.06 12:03:44 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.04 13:14:06 | 000,000,168 | ---- | C] () -- C:\Users\kingyb\defogger_reenable
[2012.08.31 07:14:22 | 000,002,452 | ---- | C] () -- C:\Windows\SysWow64\APConfig.xml
[2012.08.31 07:14:22 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012.08.26 13:34:32 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012.08.23 20:55:29 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.08.23 17:27:38 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.23 17:11:45 | 000,001,227 | ---- | C] () -- C:\Users\kingyb\Desktop\Spybot - Search & Destroy.lnk
[2012.01.02 20:10:02 | 001,527,692 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.30 19:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

< End of report >
--- --- ---

t'john 06.09.2012 18:45
DU SOLLST DEN FIX AUSFUEHREN!!!

Was soll das?

BEACHTE DIE ANLEITUNG!
http://www.trojaner-board.de/123469-...tml#post908083

cigar 06.09.2012 18:47
hab ich doch ... das ist der neue log file danach ......

t'john 06.09.2012 19:42
Zitat:
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
Wo ist das Fix-Log?

cigar 07.09.2012 11:03
datum 06.09.2012



Code:
Files\Folders moved on Reboot...
File\Folder C:\Users\kingyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk not found!
File move failed. C:\Users\kingyb\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\kingyb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30c6d346-54248a4b not found!
File\Folder C:\Users\kingyb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30c6d346-54248a4b.idx not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
hi john also hier nochmal der neue file ich glaube das ist es was wir wollten ;)


datum 07.09.2012

Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A244612-A1F7-11E0-95C0-E71F4824019B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B96040EF-CBF0-428D-803C-30E9A1D188D3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B96040EF-CBF0-428D-803C-30E9A1D188D3}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
File move failed. C:\Users\kingyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\VDownloader\VDownloader.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Folder C:\Users\kingyb\AppData\Roaming\mozilla\Firefox\Profiles\dj2eblow.default\extensions\toolbar@ask.com\ not found.
File C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\askcom.xml not found.
File C:\Users\kingyb\AppData\Roaming\Mozilla\Firefox\Profiles\dj2eblow.default\searchplugins\badoo.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
Folder C:\Users\kingyb\AppData\Roaming\TP\ not found.
File C:\ProgramData\ezsidmv.dat not found.
========== FILES ==========
File\Folder C:\Users\\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\kingyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\kingyb\Desktop\cmd.bat deleted successfully.
C:\Users\kingyb\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.60.0 log created on 09072012_120435

Files\Folders moved on Reboot...
File\Folder C:\Users\kingyb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john 07.09.2012 15:01
Nein, ich will das Fix-Log vom ersten Durchgang.

cigar 07.09.2012 18:42
hi -- t john

nach dem ich gefixt habe ;) bin ich auf C:\_OTL\MovedFiles\<datum_nummer.log und habe das neueste kopiert und hier eben eingefügt ist dies nicht der fix log ???!!!!!

t'john 08.09.2012 18:46
Ich will das aelteste sehen.

cigar 09.09.2012 12:14
es sind 3 vom 04.09.2012


Code:
Error: Unable to interpret <C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe> in the current context!
 
OTL by OldTimer - Version 3.2.60.0 log created on 09042012_181243

Code:
Error: Unable to interpret <C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe> in the current context!
 
OTL by OldTimer - Version 3.2.60.0 log created on 09042012_181307

Code:
Error: Unable to interpret <TR/Crypt.XPACK.Gen> in the current context!
 
OTL by OldTimer - Version 3.2.60.0 log created on 09042012_181342

t'john 09.09.2012 23:20
Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

t'john 23.02.2013 16:14
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:50 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19