donpedrofo | 30.11.2012 16:57 | I ran Spybot and Antivir over my hard drive earlier, with no findings.
All right, thanks, then I'll post the individual codes here:
adwcleaner: Code:
# AdwCleaner v2.009 - Datei am 29/11/2012 um 20:08:09 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Peter Hagedorn - PETERHAGEDORN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Peter Hagedorn\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\AutocompletePro
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Peter Hagedorn\AppData\Local\Ilivid Player
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\TENCENT
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\prefs.js
C:\Users\Peter Hagedorn\AppData\Roaming\Mozilla\Firefox\Profiles\n3qsqsb5.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "2255279500000000000000030da4e330");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15668");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:11:25");
*************************
AdwCleaner[R1].txt - [3064 octets] - [29/11/2012 20:07:22]
AdwCleaner[S1].txt - [3105 octets] - [29/11/2012 20:08:09]
########## EOF - C:\AdwCleaner[S1].txt - [3165 octets] ##########
OTL:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 29.11.2012 20:41:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter Hagedorn\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,79% Memory free
7,93 Gb Paging File | 6,35 Gb Available in Paging File | 80,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86)
Drive C: | 97,66 Gb Total Space | 40,19 Gb Free Space | 41,16% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 14,54 Gb Free Space | 14,89% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 78,12 Gb Free Space | 45,24% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 35,87 Gb Free Space | 36,73% Space Free | Partition Type: NTFS
Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.29 20:10:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Hagedorn\Desktop\OTL.exe
PRC - [2012.08.08 16:04:24 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:58:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:58:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- E:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.08 20:36:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 16:11:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:58:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:58:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.22 16:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.07.02 11:47:18 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.05.21 03:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 03:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.05.08 19:58:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:58:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.14 12:42:56 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 40 63 3F 6D CA CD 01 [binary data]
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - prefs.js..extensions.enabledAddons: AX1FMU@w19hh.com:11
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: E:\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Mozilla Firefox\components [2012.10.27 21:50:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Mozilla Firefox\plugins
[2011.11.16 15:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Extensions
[2012.11.27 22:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions
[2012.11.21 15:54:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\Firefox\Profiles\n3qsqsb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.27 22:04:58 | 000,003,233 | ---- | M] () (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\firefox\profiles\n3qsqsb5.default\extensions\AX1FMU@w19hh.com.xpi
[2011.11.19 12:58:32 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Peter Hagedorn\AppData\Roaming\mozilla\firefox\profiles\n3qsqsb5.default\extensions\youtube2mp3@mondayx.de.xpi
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [Intel(R)GraphicsControls] C:\Users\Peter Hagedorn\AppData\Roaming\Intel\Intel(R)GraphicsControls.exe File not found
O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [msconflg] C:\Users\Peter Hagedorn\AppData\Roaming\msconflg.exe File not found
O4 - HKU\S-1-5-21-3326496541-3818208858-468713518-1001..\Run: [SpybotSD TeaTimer] e:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBD288FE-D362-44E5-BDE3-B673B8EB2E7E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.29 20:10:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peter Hagedorn\Desktop\OTL.exe
[2012.11.29 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.25 16:53:21 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\Desktop\Neuer Ordner
[2012.11.24 19:12:54 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Windows Sidebar
[2012.11.24 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\TuneUp Software
[2012.11.24 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.24 19:12:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.24 19:12:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.24 19:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.11.13 18:31:02 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\PDAppFlex
[2012.11.13 18:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.11.12 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.12 21:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86)
[2012.11.06 06:01:03 | 000,000,000 | ---D | C] -- C:\Programme (x86)\Google
[2012.11.05 17:54:30 | 000,000,000 | ---D | C] -- C:\yParser16_1
[2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.11.04 18:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012.05.09 20:55:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012.11.29 20:37:25 | 001,800,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.29 20:37:25 | 000,763,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.29 20:37:25 | 000,718,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.29 20:37:25 | 000,173,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.29 20:37:25 | 000,146,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.29 20:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.29 20:16:54 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 20:16:54 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 20:10:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Hagedorn\Desktop\OTL.exe
[2012.11.29 20:09:16 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.29 20:09:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 20:09:04 | 3193,618,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 19:59:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 19:54:04 | 000,480,125 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\adwcleaner.exe
[2012.11.29 18:14:20 | 000,000,770 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk
[2012.11.24 19:11:13 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2012.11.24 19:00:29 | 000,000,020 | ---- | M] () -- C:\ProgramData\droidcam-settings
[2012.11.15 19:29:30 | 000,262,122 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg
[2012.11.15 14:28:44 | 004,916,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.04 18:00:21 | 000,000,541 | ---- | M] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk
[2012.11.01 18:08:23 | 001,778,032 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== Files Created - No Company Name ==========
[2012.11.29 19:54:03 | 000,480,125 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\adwcleaner.exe
[2012.11.29 18:14:20 | 000,000,770 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\Spybot - Search & Destroy.lnk
[2012.11.24 18:58:17 | 000,000,020 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2012.11.24 18:57:45 | 000,000,562 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam.lnk
[2012.11.15 19:29:30 | 000,262,122 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\smw.jpg
[2012.11.05 17:54:35 | 002,076,672 | ---- | C] () -- C:\Windows\libmysql.dll
[2012.11.04 18:00:21 | 000,000,541 | ---- | C] () -- C:\Users\Peter Hagedorn\Desktop\SopCast.lnk
[2012.10.10 14:38:18 | 000,154,283 | -H-- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\Peter Hagedorn-wchelper.dll
[2012.09.26 16:27:42 | 000,001,536 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe
[2012.08.15 20:22:23 | 000,003,584 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.04 16:06:07 | 000,135,935 | ---- | C] () -- C:\Users\Peter Hagedorn\475740_389447054439980_1180347956_o.jpg
[2012.08.04 16:06:07 | 000,060,954 | ---- | C] () -- C:\Users\Peter Hagedorn\228083_174335632621194_5063792_n.jpg
[2012.08.04 16:06:07 | 000,037,292 | ---- | C] () -- C:\Users\Peter Hagedorn\311782_212727452115345_5678760_n.jpg
[2012.08.04 16:06:07 | 000,032,854 | ---- | C] () -- C:\Users\Peter Hagedorn\555235_397545003630185_814928582_n.jpg
[2012.08.03 22:02:41 | 000,048,236 | ---- | C] () -- C:\Users\Peter Hagedorn\556715_397633903621295_831462772_n.jpg
[2012.08.03 22:02:41 | 000,041,440 | ---- | C] () -- C:\Users\Peter Hagedorn\524484_420877571291805_1147114674_n.jpg
[2012.08.03 22:02:41 | 000,030,823 | ---- | C] () -- C:\Users\Peter Hagedorn\308400_246757268708960_2084032314_n.jpg
[2012.08.03 22:02:41 | 000,024,195 | ---- | C] () -- C:\Users\Peter Hagedorn\373785_424387980945887_289037230_n.jpg
[2012.07.01 21:58:51 | 001,778,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.09 20:55:05 | 000,099,384 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\inst.exe
[2012.05.09 20:55:05 | 000,007,859 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.cat
[2012.05.09 20:55:05 | 000,001,167 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\pcouffin.inf
[2012.05.09 20:44:25 | 000,001,057 | ---- | C] () -- C:\Users\Peter Hagedorn\AppData\Roaming\vso_ts_preview.xml
[2012.01.29 18:23:08 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
OTL-EXTRA:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 29.11.2012 20:41:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter Hagedorn\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,79% Memory free
7,93 Gb Paging File | 6,35 Gb Available in Paging File | 80,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme (x86)
Drive C: | 97,66 Gb Total Space | 40,19 Gb Free Space | 41,16% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 14,54 Gb Free Space | 14,89% Space Free | Partition Type: NTFS
Drive E: | 172,69 Gb Total Space | 78,12 Gb Free Space | 45,24% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 35,87 Gb Free Space | 36,73% Space Free | Partition Type: NTFS
Computer Name: PETERHAGEDORN | User Name: Peter Hagedorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger
"C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\CCpbBS.exe:*:Enabled:Windows Messanger
"C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe" = C:\Users\Peter Hagedorn\AppData\Roaming\commen.exe:*:Enabled:Windows Messanger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AD4037-6633-4E61-8AB5-D0280BBAFA67}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2C0D109E-0709-4C57-9AE2-7C7093F19ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3096A1C2-D0E4-46B8-8A1B-1E8ED1B55C1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3410E138-6BCB-4F40-B546-A9EFF3E6120C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{40360C25-0035-44F7-BA02-BB904571EB70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46E45664-B26C-4DA1-BCA3-0B1C77EC802A}" = lport=137 | protocol=17 | dir=in | app=system |
"{551CAB9D-2EA4-4CC9-823B-9D52FFB67215}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5A35CEA5-9C12-4755-996B-E642E22384B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C186FB8-DB19-43A4-A2E9-1B4DC4159E19}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E2A20E8-2D9A-4DEA-BD68-91DE2043FC10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF620EC-14B9-44BD-8205-C85E2EF5CF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9AD45986-2CE5-4D75-AAEC-4E7177C758FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{B74622B0-2E9F-4043-8EDB-61B22E46DC82}" = rport=445 | protocol=6 | dir=out | app=system |
"{B83C169E-9B66-4ECD-AC53-DAAE36F18619}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2542559-9FA8-4E67-B1EF-6D72D37BD97C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC7C2826-C261-4C6A-8330-7CA87EA4AC1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D012EE79-9DDA-4000-AF1A-10C4D971CCEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E22891A7-0416-47C4-98A5-C49618E93A2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E313490C-1098-4B94-BA58-68253E11824C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2EFE722-282E-45E3-BF89-4345BC819229}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F46C0CD0-26B6-4C97-BC53-E0FD85D80D45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F69278B0-1298-49E0-9715-B4FE66BF06A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{F98281DB-66F1-4378-9F6F-4D8C0EDC225B}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAB003B5-3813-40D1-ACE3-D37860FB3CE1}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B5601-35C4-4C55-A0A6-03343FE362FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04E465CD-337E-4ECC-AFAD-0B6970056013}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18EB8771-BC06-40E4-9E96-2F140C002B1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21166C00-FB3D-4B21-BD13-3E7C6099F59C}" = protocol=6 | dir=in | app=e:\droidcam\droidcamapp.exe |
"{2CA5A946-FBDD-4C49-A797-20D9E45F7003}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{31968711-CEC4-4F64-A511-46BB114E7B38}" = protocol=6 | dir=out | app=system |
"{370E6152-1ED8-424F-AFB0-C13E2A30418E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B816396-68C1-413F-A8EE-3BA0BEAA45BC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{401321D0-10BA-4DA0-988C-CDCAA20DDDD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4E99166B-8474-43C7-BC87-BFC6E85D72EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{509EBDB6-92B3-473D-B137-B8FB76E9F272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53F5A6C5-02DF-4F20-939E-D383E1CEF7EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6848284E-A832-45EC-B37B-6C8E2ADD9F6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A9CFA0D-9A44-4B3E-A799-7A4570F8DE48}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A960264-90A8-419F-9CBC-03461D9D83AC}" = protocol=17 | dir=in | app=e:\qqintl\bin\qq.exe |
"{7C9F30A9-0A20-411D-924C-8B9AC6BE4752}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DF5519F-44B4-489F-AE8E-548106BEA2E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{89544430-00D8-465D-9AB5-6200C2CBE1F9}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9318EE68-5279-460D-98EE-3BB86FA42C6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{969DD71E-D2D1-481C-A3E8-08D43E5A82DD}" = protocol=6 | dir=in | app=e:\qqintl\bin\qq.exe |
"{980067A2-8F45-4E44-9734-F521FD6B054B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{997071DE-A982-4D69-B748-E0E9CE05645F}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{9EC7D912-007D-4C59-9DCB-CC4210C1B126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0D20957-E9E4-4D86-BE47-40D1DE8BD7C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8117704-7B9E-4C80-B660-CF4F845B0BBA}" = dir=in | app=e:\mpk\mpkview.exe |
"{AD88D1C6-B339-46DD-95BB-E8300A832652}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AFFD8E8B-53BA-492C-B24D-45EC07DFAB49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B23353BC-272B-4BA3-A4AB-B0CD54C9B629}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C2810B02-168B-45A7-AD63-8DC9261347A4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C3342031-BCFB-4F22-9074-CD318DE5B986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D315465C-3FC1-48D0-BC64-8E4DE79223FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAD8E0DC-2C32-4B9F-B306-0A40B05D5C20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8392474-4166-4396-81CD-0526ED8EAAF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5AF0C33-8BBE-4D5D-935D-8487A779E55C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F6349756-FF65-4BA5-AF16-65BD12AF4B4D}" = dir=in | app=e:\mpk\mpk.exe |
"{FB4CD95B-CDAE-4A02-A453-EA5323D43FA0}" = protocol=17 | dir=in | app=e:\droidcam\droidcamapp.exe |
"TCP Query User{0952F30B-0032-4DE4-8DB4-B4B3087A3E85}E:\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=e:\gadu-gadu 10\gg.exe |
"TCP Query User{15014167-183E-4AF3-8D20-EC51DE34BF95}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe |
"TCP Query User{354C1C9D-F71C-4A76-A56C-B3414E08BB0D}E:\tibiacast\tibiacast client.exe" = protocol=6 | dir=in | app=e:\tibiacast\tibiacast client.exe |
"TCP Query User{40E00FB3-3158-406D-87A0-1826F4735FD5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5EB9B314-0D55-4689-A3D1-DA5A9ADC6D14}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{97F7E791-8B15-4477-A84A-2ACBBFCA4ADD}E:\london 2012\london2012.exe" = protocol=6 | dir=in | app=e:\london 2012\london2012.exe |
"TCP Query User{DBCC130A-41D4-4656-876C-47EBB333FA8D}E:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=e:\sopcast\sopcast.exe |
"TCP Query User{E468BA5C-951C-4899-9D9A-A9FCFEA1F9A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{EA892FEA-B02C-4FC5-9DEA-2A6714ADE6C4}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{FF90AE82-3CFD-4DD8-B572-D3A53D4F3D0C}E:\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\miranda im\miranda32.exe |
"UDP Query User{0A08BB74-59B2-48E9-9D93-F9D73213D0F6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{40BF9E0F-1A8F-4F7B-901D-1CEF755A7536}E:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=e:\sopcast\sopcast.exe |
"UDP Query User{53E9C828-031C-40A7-AAA3-2A1165D64C66}E:\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=e:\gadu-gadu 10\gg.exe |
"UDP Query User{59269D52-7EC9-45DB-A4C0-C57101119A55}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{5DD068B0-C1EA-4DEB-AA8B-D0FBFF4FD6E6}E:\london 2012\london2012.exe" = protocol=17 | dir=in | app=e:\london 2012\london2012.exe |
"UDP Query User{92CF29D5-2E29-420E-A327-12409DDBE51D}E:\tibiacast\tibiacast client.exe" = protocol=17 | dir=in | app=e:\tibiacast\tibiacast client.exe |
"UDP Query User{9E8705C5-80B8-4932-AE5A-FF5ECC744FA0}E:\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=e:\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{ACFD954A-F829-4605-9313-B7B6DC1A81D6}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{EEFB6FC5-EBF2-4E12-ADE5-863C773493D6}C:\yparser16_1\bin\apache2_2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\yparser16_1\bin\apache2_2\bin\httpd.exe |
"UDP Query User{F15019E7-E37F-4D3C-B16B-31E914A78C46}E:\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\miranda im\miranda32.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5FB5C4-7F23-4EB3-A7FA-DFD0B2F30341}" = Tibiacast
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.5.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Picasa 3" = Picasa 3
"PS3 Media Server" = PS3 Media Server
"SopCast" = SopCast 3.5.0
"Tibia_is1" = Tibia
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3326496541-3818208858-468713518-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.10.2012 11:47:00 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Error - 26.10.2012 12:24:20 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Taskmgr.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78d21
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006f0138
ID des fehlerhaften Prozesses: 0xb0c
Startzeit der fehlerhaften Anwendung: 0x01cdb3965079c809
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Taskmgr.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 9827f94a-1f89-11e2-afaa-00030da4e330
Error - 26.10.2012 12:24:22 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Error - 26.10.2012 12:24:34 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Taskmgr.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce78d21 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0150010 Fehleroffset: 0x00084699 ID des fehlerhaften
Prozesses: 0xb0c Startzeit der fehlerhaften Anwendung: 0x01cdb3965079c809 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\Taskmgr.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a02255f6-1f89-11e2-afaa-00030da4e330
Error - 01.11.2012 12:24:04 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
Zeitstempel: 0x50882871 Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680,
Zeitstempel: 0x508827d6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00130ef7 ID des fehlerhaften
Prozesses: 0x1388 Startzeit der fehlerhaften Anwendung: 0x01cdb84446004987 Pfad der
fehlerhaften Anwendung: E:\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls:
E:\Mozilla Firefox\xul.dll Berichtskennung: 8cb3853e-2440-11e2-a862-00030da4e330
Error - 05.11.2012 12:54:39 | Computer Name = PeterHagedorn | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.2.100
for ServerName .
Error - 06.11.2012 17:52:20 | Computer Name = PeterHagedorn | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_4_402_287.exe,
Version: 11.4.402.287, Zeitstempel: 0x5066dda3 Name des fehlerhaften Moduls: NPSWF32_11_4_402_287.dll,
Version: 11.4.402.287, Zeitstempel: 0x5066df1c Ausnahmecode: 0xc0000005 Fehleroffset:
0x004254cf ID des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung:
0x01cdbc5e9e46131a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
Berichtskennung: 3cb32c37-285c-11e2-98e4-00030da4e330
[ System Events ]
Error - 14.06.2012 10:12:48 | Computer Name = PeterHagedorn | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 17.06.2012 10:05:43 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.06.2012 um 16:04:51 unerwartet heruntergefahren.
Error - 19.06.2012 12:21:58 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 19.06.2012 12:22:00 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 20.06.2012 18:10:22 | Computer Name = PeterHagedorn | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.06.2012 um 00:09:26 unerwartet heruntergefahren.
Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 23.06.2012 09:59:02 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 23.06.2012 09:59:03 | Computer Name = PeterHagedorn | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report > --- --- ---
defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:51 on 29/11/2012 (Peter Hagedorn)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
asWMBR: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 20:54:30
-----------------------------
20:54:30.737 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:30.737 Number of processors: 2 586 0x1706
20:54:30.737 ComputerName: PETERHAGEDORN UserName:
20:54:31.658 Initialize success
20:57:41.839 AVAST engine defs: 12112900
20:57:58.251 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:57:58.251 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC70E Size: 476940MB BusType: 11
20:57:58.266 Disk 0 MBR read successfully
20:57:58.266 Disk 0 MBR scan
20:57:58.282 Disk 0 Windows 7 default MBR code
20:57:58.282 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
20:57:58.297 Disk 0 Partition 2 80 (A) 42 SFS NTFS 100 MB offset 2048
20:57:58.313 Disk 0 Partition 3 00 42 SFS NTFS 100000 MB offset 206848
20:57:58.329 Disk 0 Partition 4 00 42 SFS NTFS 376838 MB offset 205006848
20:57:58.344 Disk 0 scanning C:\Windows\system32\drivers
20:57:58.344 Service scanning
20:58:32.058 Modules scanning
20:58:32.058 Disk 0 trace - called modules:
20:58:32.620 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:58:32.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c226d0]
20:58:32.667 3 CLASSPNP.SYS[fffff8800199443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046a8060]
20:58:33.572 AVAST engine scan C:\Windows
20:58:33.572 AVAST engine scan C:\Windows\system32
20:58:33.587 AVAST engine scan C:\Windows\system32\drivers
20:58:33.618 AVAST engine scan C:\Users\Peter Hagedorn
20:58:33.634 AVAST engine scan C:\ProgramData
20:58:33.665 Scan finished successfully
20:58:55.227 Disk 0 MBR has been saved successfully to "C:\Users\Peter Hagedorn\Desktop\MBR.dat"
20:58:55.237 The log file has been saved successfully to "C:\Users\Peter Hagedorn\Desktop\aswMBR.txt"
TDSSKiller: Code:
20:59:37.0977 1872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:59:38.0207 1872 ============================================================
20:59:38.0207 1872 Current date / time: 2012/11/29 20:59:38.0207
20:59:38.0207 1872 SystemInfo:
20:59:38.0207 1872
20:59:38.0207 1872 OS Version: 6.1.7601 ServicePack: 1.0
20:59:38.0207 1872 Product type: Workstation
20:59:38.0207 1872 ComputerName: PETERHAGEDORN
20:59:38.0207 1872 UserName: Peter Hagedorn
20:59:38.0207 1872 Windows directory: C:\Windows
20:59:38.0207 1872 System windows directory: C:\Windows
20:59:38.0207 1872 Running under WOW64
20:59:38.0207 1872 Processor architecture: Intel x64
20:59:38.0207 1872 Number of processors: 2
20:59:38.0207 1872 Page size: 0x1000
20:59:38.0207 1872 Boot type: Normal boot
20:59:38.0207 1872 ============================================================
20:59:39.0267 1872 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:59:39.0267 1872 ============================================================
20:59:39.0267 1872 \Device\Harddisk0\DR0:
20:59:39.0267 1872 MBR partitions:
20:59:39.0267 1872 Initialize success
20:59:39.0267 1872 ============================================================
20:59:49.0890 3236 ============================================================
20:59:49.0890 3236 Scan started
20:59:49.0890 3236 Mode: Manual;
20:59:49.0890 3236 ============================================================
20:59:50.0342 3236 ================ Scan system memory ========================
20:59:50.0342 3236 System memory - ok
20:59:50.0342 3236 ================ Scan services =============================
20:59:50.0373 3236 1394ohci - ok
20:59:50.0389 3236 ACPI - ok
20:59:50.0389 3236 AcpiPmi - ok
20:59:50.0404 3236 AdobeARMservice - ok
20:59:50.0420 3236 AdobeFlashPlayerUpdateSvc - ok
20:59:50.0436 3236 adp94xx - ok
20:59:50.0436 3236 adpahci - ok
20:59:50.0436 3236 adpu320 - ok
20:59:50.0451 3236 AeLookupSvc - ok
20:59:50.0467 3236 AFD - ok
20:59:50.0482 3236 agp440 - ok
20:59:50.0482 3236 ALG - ok
20:59:50.0482 3236 aliide - ok
20:59:50.0498 3236 amdide - ok
20:59:50.0498 3236 AmdK8 - ok
20:59:50.0498 3236 AmdPPM - ok
20:59:50.0498 3236 amdsata - ok
20:59:50.0514 3236 amdsbs - ok
20:59:50.0514 3236 amdxata - ok
20:59:50.0545 3236 AntiVirSchedulerService - ok
20:59:50.0545 3236 AntiVirService - ok
20:59:50.0560 3236 AppID - ok
20:59:50.0560 3236 AppIDSvc - ok
20:59:50.0560 3236 Appinfo - ok
20:59:50.0576 3236 AppMgmt - ok
20:59:50.0576 3236 arc - ok
20:59:50.0576 3236 arcsas - ok
20:59:50.0607 3236 aspnet_state - ok
20:59:50.0607 3236 AsyncMac - ok
20:59:50.0623 3236 atapi - ok
20:59:50.0623 3236 AudioEndpointBuilder - ok
20:59:50.0623 3236 AudioSrv - ok
20:59:50.0638 3236 avgntflt - ok
20:59:50.0638 3236 avipbb - ok
20:59:50.0638 3236 avkmgr - ok
20:59:50.0638 3236 AxInstSV - ok
20:59:50.0654 3236 b06bdrv - ok
20:59:50.0654 3236 b57nd60a - ok
20:59:50.0670 3236 BDESVC - ok
20:59:50.0680 3236 Beep - ok
20:59:50.0690 3236 BFE - ok
20:59:50.0700 3236 BITS - ok
20:59:50.0710 3236 blbdrive - ok
20:59:50.0710 3236 bowser - ok
20:59:50.0720 3236 BrFiltLo - ok
20:59:50.0720 3236 BrFiltUp - ok
20:59:50.0730 3236 Browser - ok
20:59:50.0730 3236 Brserid - ok
20:59:50.0740 3236 BrSerWdm - ok
20:59:50.0740 3236 BrUsbMdm - ok
20:59:50.0750 3236 BrUsbSer - ok
20:59:50.0750 3236 BTHMODEM - ok
20:59:50.0770 3236 bthserv - ok
20:59:50.0780 3236 cdfs - ok
20:59:50.0790 3236 cdrom - ok
20:59:50.0800 3236 CertPropSvc - ok
20:59:50.0810 3236 circlass - ok
20:59:50.0810 3236 CLFS - ok
20:59:50.0810 3236 clr_optimization_v2.0.50727_32 - ok
20:59:50.0820 3236 clr_optimization_v2.0.50727_64 - ok
20:59:50.0820 3236 clr_optimization_v4.0.30319_32 - ok
20:59:50.0830 3236 clr_optimization_v4.0.30319_64 - ok
20:59:50.0840 3236 CmBatt - ok
20:59:50.0850 3236 cmdide - ok
20:59:50.0850 3236 CNG - ok
20:59:50.0860 3236 Compbatt - ok
20:59:50.0870 3236 CompositeBus - ok
20:59:50.0880 3236 COMSysApp - ok
20:59:50.0880 3236 crcdisk - ok
20:59:50.0890 3236 CryptSvc - ok
20:59:50.0890 3236 CSC - ok
20:59:50.0900 3236 CscService - ok
20:59:50.0900 3236 DcomLaunch - ok
20:59:50.0910 3236 defragsvc - ok
20:59:50.0910 3236 DfsC - ok
20:59:50.0930 3236 dg_ssudbus - ok
20:59:50.0930 3236 Dhcp - ok
20:59:50.0940 3236 discache - ok
20:59:50.0940 3236 Disk - ok
20:59:50.0950 3236 Dnscache - ok
20:59:50.0950 3236 dot3svc - ok
20:59:50.0960 3236 DPS - ok
20:59:50.0960 3236 drmkaud - ok
20:59:50.0970 3236 DXGKrnl - ok
20:59:50.0970 3236 EapHost - ok
20:59:50.0980 3236 ebdrv - ok
20:59:50.0980 3236 EFS - ok
20:59:50.0990 3236 ehRecvr - ok
20:59:50.0990 3236 ehSched - ok
20:59:50.0990 3236 elxstor - ok
20:59:51.0000 3236 ErrDev - ok
20:59:51.0010 3236 EventSystem - ok
20:59:51.0010 3236 exfat - ok
20:59:51.0020 3236 fastfat - ok
20:59:51.0020 3236 Fax - ok
20:59:51.0030 3236 fdc - ok
20:59:51.0030 3236 fdPHost - ok
20:59:51.0040 3236 FDResPub - ok
20:59:51.0040 3236 FileInfo - ok
20:59:51.0050 3236 Filetrace - ok
20:59:51.0050 3236 flpydisk - ok
20:59:51.0060 3236 FltMgr - ok
20:59:51.0060 3236 FontCache - ok
20:59:51.0070 3236 FontCache3.0.0.0 - ok
20:59:51.0070 3236 FsDepends - ok
20:59:51.0080 3236 Fs_Rec - ok
20:59:51.0090 3236 fvevol - ok
20:59:51.0090 3236 gagp30kx - ok
20:59:51.0100 3236 gpsvc - ok
20:59:51.0120 3236 gupdate - ok
20:59:51.0130 3236 gupdatem - ok
20:59:51.0140 3236 gusvc - ok
20:59:51.0140 3236 hcw85cir - ok
20:59:51.0150 3236 HdAudAddService - ok
20:59:51.0160 3236 HDAudBus - ok
20:59:51.0170 3236 HidBatt - ok
20:59:51.0170 3236 HidBth - ok
20:59:51.0180 3236 HidIr - ok
20:59:51.0180 3236 hidserv - ok
20:59:51.0190 3236 HidUsb - ok
20:59:51.0190 3236 hkmsvc - ok
20:59:51.0200 3236 HomeGroupListener - ok
20:59:51.0200 3236 HomeGroupProvider - ok
20:59:51.0210 3236 HpSAMD - ok
20:59:51.0210 3236 HTTP - ok
20:59:51.0210 3236 hwpolicy - ok
20:59:51.0220 3236 i8042prt - ok
20:59:51.0230 3236 iaStorV - ok
20:59:51.0230 3236 idsvc - ok
20:59:51.0230 3236 iirsp - ok
20:59:51.0240 3236 IKEEXT - ok
20:59:51.0250 3236 intelide - ok
20:59:51.0250 3236 intelppm - ok
20:59:51.0260 3236 IPBusEnum - ok
20:59:51.0260 3236 IpFilterDriver - ok
20:59:51.0270 3236 iphlpsvc - ok
20:59:51.0270 3236 IPMIDRV - ok
20:59:51.0280 3236 IPNAT - ok
20:59:51.0280 3236 IRENUM - ok
20:59:51.0290 3236 isapnp - ok
20:59:51.0290 3236 iScsiPrt - ok
20:59:51.0290 3236 kbdclass - ok
20:59:51.0300 3236 kbdhid - ok
20:59:51.0310 3236 KeyIso - ok
20:59:51.0310 3236 KSecDD - ok
20:59:51.0320 3236 KSecPkg - ok
20:59:51.0320 3236 ksthunk - ok
20:59:51.0330 3236 KtmRm - ok
20:59:51.0330 3236 LanmanServer - ok
20:59:51.0330 3236 LanmanWorkstation - ok
20:59:51.0350 3236 lltdio - ok
20:59:51.0350 3236 lltdsvc - ok
20:59:51.0360 3236 lmhosts - ok
20:59:51.0370 3236 LSI_FC - ok
20:59:51.0370 3236 LSI_SAS - ok
20:59:51.0380 3236 LSI_SAS2 - ok
20:59:51.0380 3236 LSI_SCSI - ok
20:59:51.0380 3236 luafv - ok
20:59:51.0390 3236 LVRS64 - ok
20:59:51.0400 3236 LVUVC64 - ok
20:59:51.0420 3236 ManyCam - ok
20:59:51.0420 3236 mcaudrv_simple - ok
20:59:51.0430 3236 Mcx2Svc - ok
20:59:51.0440 3236 megasas - ok
20:59:51.0440 3236 MegaSR - ok
20:59:51.0450 3236 MMCSS - ok
20:59:51.0450 3236 Modem - ok
20:59:51.0460 3236 monitor - ok
20:59:51.0460 3236 mouclass - ok
20:59:51.0460 3236 mouhid - ok
20:59:51.0480 3236 mountmgr - ok
20:59:51.0500 3236 MozillaMaintenance - ok
20:59:51.0500 3236 mpio - ok
20:59:51.0510 3236 mpsdrv - ok
20:59:51.0510 3236 MpsSvc - ok
20:59:51.0520 3236 MRxDAV - ok
20:59:51.0520 3236 mrxsmb - ok
20:59:51.0530 3236 mrxsmb10 - ok
20:59:51.0530 3236 mrxsmb20 - ok
20:59:51.0540 3236 msahci - ok
20:59:51.0540 3236 msdsm - ok
20:59:51.0550 3236 MSDTC - ok
20:59:51.0560 3236 Msfs - ok
20:59:51.0560 3236 mshidkmdf - ok
20:59:51.0570 3236 msisadrv - ok
20:59:51.0570 3236 MSiSCSI - ok
20:59:51.0580 3236 msiserver - ok
20:59:51.0580 3236 MSKSSRV - ok
20:59:51.0590 3236 MSPCLOCK - ok
20:59:51.0590 3236 MSPQM - ok
20:59:51.0600 3236 MsRPC - ok
20:59:51.0600 3236 mssmbios - ok
20:59:51.0610 3236 MSSQL$SQLEXPRESS - ok
20:59:51.0620 3236 MSSQLServerADHelper100 - ok
20:59:51.0630 3236 MSTEE - ok
20:59:51.0630 3236 MTConfig - ok
20:59:51.0640 3236 Mup - ok
20:59:51.0640 3236 napagent - ok
20:59:51.0640 3236 NativeWifiP - ok
20:59:51.0650 3236 NDIS - ok
20:59:51.0650 3236 NdisCap - ok
20:59:51.0660 3236 NdisTapi - ok
20:59:51.0660 3236 Ndisuio - ok
20:59:51.0670 3236 NdisWan - ok
20:59:51.0670 3236 NDProxy - ok
20:59:51.0680 3236 NetBIOS - ok
20:59:51.0680 3236 NetBT - ok
20:59:51.0690 3236 Netlogon - ok
20:59:51.0700 3236 Netman - ok
20:59:51.0710 3236 NetMsmqActivator - ok
20:59:51.0730 3236 NetPipeActivator - ok
20:59:51.0730 3236 netprofm - ok
20:59:51.0740 3236 NetTcpActivator - ok
20:59:51.0750 3236 NetTcpPortSharing - ok
20:59:51.0750 3236 netw5v64 - ok
20:59:51.0760 3236 NETwNs64 - ok
20:59:51.0760 3236 nfrd960 - ok
20:59:51.0780 3236 NlaSvc - ok
20:59:51.0780 3236 Npfs - ok
20:59:51.0780 3236 nsi - ok
20:59:51.0790 3236 nsiproxy - ok
20:59:51.0790 3236 Ntfs - ok
20:59:51.0800 3236 Null - ok
20:59:51.0800 3236 nvlddmkm - ok
20:59:51.0810 3236 nvraid - ok
20:59:51.0810 3236 nvstor - ok
20:59:51.0820 3236 nvsvc - ok
20:59:51.0830 3236 nv_agp - ok
20:59:51.0830 3236 ohci1394 - ok
20:59:51.0840 3236 p2pimsvc - ok
20:59:51.0840 3236 p2psvc - ok
20:59:51.0850 3236 Parport - ok
20:59:51.0850 3236 partmgr - ok
20:59:51.0860 3236 PcaSvc - ok
20:59:51.0860 3236 pci - ok
20:59:51.0860 3236 pciide - ok
20:59:51.0870 3236 pcmcia - ok
20:59:51.0870 3236 pcw - ok
20:59:51.0880 3236 PEAUTH - ok
20:59:51.0880 3236 PeerDistSvc - ok
20:59:51.0890 3236 PerfHost - ok
20:59:51.0900 3236 pla - ok
20:59:51.0900 3236 PlugPlay - ok
20:59:51.0910 3236 PNRPAutoReg - ok
20:59:51.0910 3236 PNRPsvc - ok
20:59:51.0920 3236 PolicyAgent - ok
20:59:51.0930 3236 Power - ok
20:59:51.0940 3236 PptpMiniport - ok
20:59:51.0940 3236 Processor - ok
20:59:51.0940 3236 ProfSvc - ok
20:59:51.0950 3236 ProtectedStorage - ok
20:59:51.0960 3236 Psched - ok
20:59:51.0960 3236 ql2300 - ok
20:59:51.0970 3236 ql40xx - ok
20:59:51.0970 3236 QWAVE - ok
20:59:51.0970 3236 QWAVEdrv - ok
20:59:51.0980 3236 RasAcd - ok
20:59:51.0990 3236 RasAgileVpn - ok
20:59:51.0990 3236 RasAuto - ok
20:59:51.0990 3236 Rasl2tp - ok
20:59:52.0000 3236 RasMan - ok
20:59:52.0000 3236 RasPppoe - ok
20:59:52.0010 3236 RasSstp - ok
20:59:52.0010 3236 rdbss - ok
20:59:52.0020 3236 rdpbus - ok
20:59:52.0020 3236 RDPCDD - ok
20:59:52.0030 3236 RDPDR - ok
20:59:52.0030 3236 RDPENCDD - ok
20:59:52.0040 3236 RDPREFMP - ok
20:59:52.0050 3236 RdpVideoMiniport - ok
20:59:52.0050 3236 RDPWD - ok
20:59:52.0060 3236 rdyboost - ok
20:59:52.0060 3236 RemoteAccess - ok
20:59:52.0070 3236 RemoteRegistry - ok
20:59:52.0070 3236 RpcEptMapper - ok
20:59:52.0080 3236 RpcLocator - ok
20:59:52.0080 3236 RpcSs - ok
20:59:52.0090 3236 RsFx0105 - ok
20:59:52.0100 3236 rspndr - ok
20:59:52.0100 3236 RTL8167 - ok
20:59:52.0110 3236 s3cap - ok
20:59:52.0110 3236 SamSs - ok
20:59:52.0110 3236 sbp2port - ok
20:59:52.0120 3236 SBSDWSCService - ok
20:59:52.0130 3236 SCardSvr - ok
20:59:52.0130 3236 scfilter - ok
20:59:52.0130 3236 Schedule - ok
20:59:52.0140 3236 SCPolicySvc - ok
20:59:52.0140 3236 SDRSVC - ok
20:59:52.0150 3236 secdrv - ok
20:59:52.0160 3236 seclogon - ok
20:59:52.0160 3236 SENS - ok
20:59:52.0170 3236 SensrSvc - ok
20:59:52.0170 3236 Serenum - ok
20:59:52.0180 3236 Serial - ok
20:59:52.0190 3236 sermouse - ok
20:59:52.0200 3236 SessionEnv - ok
20:59:52.0210 3236 sffdisk - ok
20:59:52.0210 3236 sffp_mmc - ok
20:59:52.0210 3236 sffp_sd - ok
20:59:52.0220 3236 sfloppy - ok
20:59:52.0220 3236 SharedAccess - ok
20:59:52.0230 3236 ShellHWDetection - ok
20:59:52.0230 3236 SiSRaid2 - ok
20:59:52.0240 3236 SiSRaid4 - ok
20:59:52.0250 3236 SkypeUpdate - ok
20:59:52.0250 3236 Smb - ok
20:59:52.0260 3236 SNMPTRAP - ok
20:59:52.0280 3236 spldr - ok
20:59:52.0280 3236 Spooler - ok
20:59:52.0290 3236 sppsvc - ok
20:59:52.0290 3236 sppuinotify - ok
20:59:52.0300 3236 sptd - ok
20:59:52.0310 3236 SQLAgent$SQLEXPRESS - ok
20:59:52.0310 3236 SQLBrowser - ok
20:59:52.0320 3236 SQLWriter - ok
20:59:52.0320 3236 srv - ok
20:59:52.0330 3236 srv2 - ok
20:59:52.0330 3236 srvnet - ok
20:59:52.0340 3236 SSDPSRV - ok
20:59:52.0340 3236 SstpSvc - ok
20:59:52.0350 3236 ssudmdm - ok
20:59:52.0360 3236 StarWindServiceAE - ok
20:59:52.0360 3236 stexstor - ok
20:59:52.0370 3236 stisvc - ok
20:59:52.0380 3236 storflt - ok
20:59:52.0380 3236 storvsc - ok
20:59:52.0390 3236 swenum - ok
20:59:52.0390 3236 swprv - ok
20:59:52.0410 3236 Synth3dVsc - ok
20:59:52.0410 3236 SysMain - ok
20:59:52.0420 3236 TabletInputService - ok
20:59:52.0420 3236 TapiSrv - ok
20:59:52.0430 3236 TBS - ok
20:59:52.0430 3236 Tcpip - ok
20:59:52.0430 3236 TCPIP6 - ok
20:59:52.0440 3236 tcpipreg - ok
20:59:52.0450 3236 TDPIPE - ok
20:59:52.0450 3236 TDTCP - ok
20:59:52.0460 3236 tdx - ok
20:59:52.0460 3236 TermDD - ok
20:59:52.0460 3236 TermService - ok
20:59:52.0470 3236 Themes - ok
20:59:52.0470 3236 THREADORDER - ok
20:59:52.0480 3236 TrkWks - ok
20:59:52.0480 3236 TrustedInstaller - ok
20:59:52.0490 3236 tssecsrv - ok
20:59:52.0490 3236 TsUsbFlt - ok
20:59:52.0500 3236 tsusbhub - ok
20:59:52.0540 3236 tunnel - ok
20:59:52.0550 3236 uagp35 - ok
20:59:52.0550 3236 udfs - ok
20:59:52.0560 3236 UI0Detect - ok
20:59:52.0560 3236 uliagpkx - ok
20:59:52.0570 3236 umbus - ok
20:59:52.0570 3236 UmPass - ok
20:59:52.0580 3236 UmRdpService - ok
20:59:52.0580 3236 UMVPFSrv - ok
20:59:52.0590 3236 upnphost - ok
20:59:52.0590 3236 usbaudio - ok
20:59:52.0600 3236 usbccgp - ok
20:59:52.0600 3236 usbcir - ok
20:59:52.0600 3236 usbehci - ok
20:59:52.0610 3236 usbhub - ok
20:59:52.0610 3236 usbohci - ok
20:59:52.0620 3236 usbprint - ok
20:59:52.0620 3236 USBSTOR - ok
20:59:52.0630 3236 usbuhci - ok
20:59:52.0630 3236 usbvideo - ok
20:59:52.0640 3236 UxSms - ok
20:59:52.0640 3236 VaultSvc - ok
20:59:52.0640 3236 vdrvroot - ok
20:59:52.0660 3236 vds - ok
20:59:52.0660 3236 vga - ok
20:59:52.0670 3236 VgaSave - ok
20:59:52.0670 3236 VGPU - ok
20:59:52.0680 3236 vhdmp - ok
20:59:52.0680 3236 viaide - ok
20:59:52.0680 3236 vmbus - ok
20:59:52.0690 3236 VMBusHID - ok
20:59:52.0690 3236 volmgr - ok
20:59:52.0700 3236 volmgrx - ok
20:59:52.0710 3236 volsnap - ok
20:59:52.0710 3236 vsmraid - ok
20:59:52.0720 3236 VSS - ok
20:59:52.0720 3236 vwifibus - ok
20:59:52.0730 3236 vwififlt - ok
20:59:52.0740 3236 W32Time - ok
20:59:52.0740 3236 WacomPen - ok
20:59:52.0760 3236 WANARP - ok
20:59:52.0760 3236 Wanarpv6 - ok
20:59:52.0770 3236 wbengine - ok
20:59:52.0770 3236 WbioSrvc - ok
20:59:52.0780 3236 wcncsvc - ok
20:59:52.0780 3236 WcsPlugInService - ok
20:59:52.0790 3236 Wd - ok
20:59:52.0790 3236 Wdf01000 - ok
20:59:52.0790 3236 WdiServiceHost - ok
20:59:52.0800 3236 WdiSystemHost - ok
20:59:52.0800 3236 WebClient - ok
20:59:52.0810 3236 Wecsvc - ok
20:59:52.0810 3236 wercplsupport - ok
20:59:52.0830 3236 WerSvc - ok
20:59:52.0830 3236 WfpLwf - ok
20:59:52.0840 3236 WIMMount - ok
20:59:52.0840 3236 WinDefend - ok
20:59:52.0850 3236 WinHttpAutoProxySvc - ok
20:59:52.0850 3236 Winmgmt - ok
20:59:52.0860 3236 WinRM - ok
20:59:52.0880 3236 WinUsb - ok
20:59:52.0880 3236 Wlansvc - ok
20:59:52.0890 3236 wlidsvc - ok
20:59:52.0890 3236 WmiAcpi - ok
20:59:52.0900 3236 wmiApSrv - ok
20:59:52.0900 3236 WMPNetworkSvc - ok
20:59:52.0910 3236 WPCSvc - ok
20:59:52.0910 3236 WPDBusEnum - ok
20:59:52.0920 3236 ws2ifsl - ok
20:59:52.0920 3236 wscsvc - ok
20:59:52.0930 3236 WSearch - ok
20:59:52.0930 3236 wuauserv - ok
20:59:52.0940 3236 WudfPf - ok
20:59:52.0950 3236 WUDFRd - ok
20:59:52.0950 3236 wudfsvc - ok
20:59:52.0960 3236 WwanSvc - ok
20:59:52.0970 3236 ================ Scan global ===============================
20:59:52.0970 3236 [Global] - ok
20:59:52.0970 3236 ================ Scan MBR ==================================
20:59:52.0980 3236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:59:53.0210 3236 \Device\Harddisk0\DR0 - ok
20:59:53.0210 3236 ================ Scan VBR ==================================
20:59:53.0210 3236 ============================================================
20:59:53.0210 3236 Scan finished
20:59:53.0210 3236 ============================================================
20:59:53.0220 2404 Detected object count: 0
20:59:53.0220 2404 Actual detected object count: 0
21:00:10.0710 3772 Deinitialize success |