|
TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hallo Erstmal besten Dank, dass Ihr hier uns Unwissenden mit derart viel Aufwand weiter helft. Bei meinem PC war plötzlich Avira deinstalliert und kurze Zeit später fing der Desktop an zu `spinnen`. Also Avira neu geladen und die bekannten Meldungen angezeigt bekommen - C:\Windows\assembly\temp\U\80000032.@ sowie in vielen anderen Dateien wurde der böse:pfui: TR/ATRAPS.Gen2 gefunden. Hier die Daten vom Defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:28 on 01/06/2012 (1) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Und OTL: OTL logfile created on: 01.06.2012 17:31:53 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\1\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 43.29% Memory free 7.98 Gb Paging File | 6.19 Gb Available in Paging File | 77.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200.10 Gb Total Space | 97.14 Gb Free Space | 48.55% Space Free | Partition Type: NTFS Drive D: | 697.07 Gb Total Space | 666.97 Gb Free Space | 95.68% Space Free | Partition Type: NTFS Drive E: | 500.00 Gb Total Space | 499.51 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Computer Name: 1-PC | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.01 17:31:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\1\AppData\Local\Akamai\netsession_win.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.13 18:06:45 | 000,424,568 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe PRC - [2012.02.13 18:06:45 | 000,188,024 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe PRC - [2011.12.05 13:42:22 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.03.15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (db2das00) SRV - [2012.05.30 08:34:57 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.09.29 07:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.01.28 16:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007.08.14 16:50:16 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0DE28D6F-C79C-4915-B91D-F96FF45C7FDA} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {D8BD6DAA-94A1-4202-8991-182C9112FD7D} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{D8BD6DAA-94A1-4202-8991-182C9112FD7D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deCH402 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 23:19:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 23:19:46 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin Hosts file not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (hxxp://www.express-files.com/) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [Argus Monitor] "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe" File not found O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {6C9B3550-8DF6-415D-9B8F-4B1E74D08355} file:///C:/Users/1/AppData/Local/indigo/%7BC066C75D-B244-460E-A237-F1ED8E85E227%7D/www/IndigoScreen.cab (IndigoScreen2 ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D7DA3AF-0795-4C40-BA42-670FF51D9688}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E5F2BFF-ABB2-41F8-B820-E403D44E40EC}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: db2das00 - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 17:31:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe [2012.05.31 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Avira [2012.05.31 13:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.31 13:32:29 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.31 13:32:29 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.31 13:32:29 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.31 13:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.31 13:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.30 23:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.05.30 22:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.05.28 17:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\HPAppData [2012.05.23 21:18:58 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2012.05.07 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\DiskAid [2012.05.07 18:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid [2012.05.07 18:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA ========== Files - Modified Within 30 Days ========== [2012.06.01 17:31:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe [2012.06.01 17:28:07 | 000,000,000 | ---- | M] () -- C:\Users\1\defogger_reenable [2012.06.01 17:26:39 | 000,050,477 | ---- | M] () -- C:\Users\1\Desktop\Defogger.exe [2012.06.01 17:23:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.01 17:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job [2012.06.01 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At18.job [2012.06.01 16:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job [2012.06.01 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job [2012.06.01 15:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job [2012.06.01 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At16.job [2012.06.01 14:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job [2012.06.01 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job [2012.06.01 13:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job [2012.06.01 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At14.job [2012.06.01 12:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job [2012.06.01 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job [2012.06.01 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job [2012.06.01 11:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At12.job [2012.06.01 10:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job [2012.06.01 10:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job [2012.06.01 09:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job [2012.06.01 09:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At10.job [2012.06.01 08:37:34 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 08:37:34 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 08:30:21 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.01 08:30:19 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-1-Startup.job [2012.06.01 08:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.01 08:29:40 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2012.05.31 22:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job [2012.05.31 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job [2012.05.31 21:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job [2012.05.31 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At22.job [2012.05.31 20:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job [2012.05.31 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job [2012.05.31 19:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job [2012.05.31 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At20.job [2012.05.31 18:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job [2012.05.31 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job [2012.05.31 13:32:44 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.31 08:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job [2012.05.31 08:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job [2012.05.31 07:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job [2012.05.31 07:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At8.job [2012.05.31 06:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job [2012.05.31 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job [2012.05.31 05:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job [2012.05.31 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At6.job [2012.05.31 04:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job [2012.05.31 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job [2012.05.31 03:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job [2012.05.31 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At4.job [2012.05.31 02:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job [2012.05.31 02:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job [2012.05.31 01:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job [2012.05.31 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At2.job [2012.05.31 00:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job [2012.05.31 00:08:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job [2012.05.29 23:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job [2012.05.29 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At24.job [2012.05.24 09:09:09 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd [2012.05.10 14:24:04 | 006,232,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.07 18:12:22 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk ========== Files Created - No Company Name ========== [2012.06.01 17:28:07 | 000,000,000 | ---- | C] () -- C:\Users\1\defogger_reenable [2012.06.01 17:26:38 | 000,050,477 | ---- | C] () -- C:\Users\1\Desktop\Defogger.exe [2012.05.31 13:32:44 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.23 21:31:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job [2012.05.23 21:31:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job [2012.05.23 21:31:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job [2012.05.23 21:31:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job [2012.05.23 21:31:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job [2012.05.23 21:31:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job [2012.05.23 21:31:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job [2012.05.23 21:31:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job [2012.05.23 21:31:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job [2012.05.23 21:31:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job [2012.05.23 21:31:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job [2012.05.23 21:31:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job [2012.05.23 21:31:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job [2012.05.23 21:31:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job [2012.05.23 21:31:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job [2012.05.23 21:30:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job [2012.05.23 21:30:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job [2012.05.23 21:30:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job [2012.05.23 21:30:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job [2012.05.23 21:30:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job [2012.05.23 21:30:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job [2012.05.23 21:30:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job [2012.05.23 21:30:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job [2012.05.23 21:30:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job [2012.05.23 21:30:52 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At24.job [2012.05.23 21:30:51 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job [2012.05.23 21:30:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At22.job [2012.05.23 21:30:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job [2012.05.23 21:30:49 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At20.job [2012.05.23 21:30:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job [2012.05.23 21:30:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At18.job [2012.05.23 21:30:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job [2012.05.23 21:30:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At16.job [2012.05.23 21:30:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job [2012.05.23 21:30:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At14.job [2012.05.23 21:30:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job [2012.05.23 21:30:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At12.job [2012.05.23 21:30:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job [2012.05.23 21:30:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job [2012.05.23 21:30:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At10.job [2012.05.23 21:30:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At8.job [2012.05.23 21:30:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job [2012.05.23 21:30:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At6.job [2012.05.23 21:30:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job [2012.05.23 21:30:37 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At4.job [2012.05.23 21:30:36 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job [2012.05.23 21:30:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At2.job [2012.05.23 21:30:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job [2012.05.23 21:20:25 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd [2012.05.07 18:12:22 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk [2012.02.27 15:00:00 | 000,004,096 | -H-- | C] () -- C:\Users\1\AppData\Local\keyfile3.drm [2011.03.08 23:49:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.21 21:25:04 | 000,492,517 | ---- | C] () -- C:\Windows\DIMENSION-3 Uninstaller.exe [2010.08.23 23:12:52 | 000,245,342 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.08.23 23:12:52 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2010.06.18 16:32:34 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2010.06.07 19:32:20 | 000,035,014 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010.06.07 19:30:13 | 000,027,011 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2011.10.31 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.07 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.10.31 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.01.21 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Dimension-3 [2012.05.07 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\DiskAid [2012.03.04 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\EasyTax [2012.06.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\ExpressFiles [2010.07.18 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\gtk-2.0 [2011.08.14 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\inkscape [2012.01.04 18:57:16 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\MAGIX [2012.04.24 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\NetDrive [2010.06.24 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Opera [2011.11.01 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.05.31 00:08:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job [2012.06.01 09:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At10.job [2012.06.01 10:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job [2012.06.01 11:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At12.job [2012.06.01 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job [2012.06.01 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At14.job [2012.06.01 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job [2012.06.01 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At16.job [2012.06.01 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job [2012.06.01 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At18.job [2012.05.31 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job [2012.05.31 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At2.job [2012.05.31 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At20.job [2012.05.31 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job [2012.05.31 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At22.job [2012.05.31 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job [2012.05.29 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At24.job [2012.05.31 00:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job [2012.05.31 01:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job [2012.05.31 02:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job [2012.05.31 03:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job [2012.05.31 04:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job [2012.05.31 02:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job [2012.05.31 05:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job [2012.05.31 06:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job [2012.05.31 07:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job [2012.05.31 08:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job [2012.06.01 09:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job [2012.06.01 10:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job [2012.06.01 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job [2012.06.01 12:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job [2012.06.01 13:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job [2012.06.01 14:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job [2012.05.31 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At4.job [2012.06.01 15:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job [2012.06.01 16:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job [2012.06.01 17:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job [2012.05.31 18:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job [2012.05.31 19:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job [2012.05.31 20:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job [2012.05.31 21:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job [2012.05.31 22:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job [2012.05.29 23:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job [2012.05.31 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job [2012.05.31 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At6.job [2012.05.31 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job [2012.05.31 07:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At8.job [2012.05.31 08:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job [2012.05.04 12:58:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.01 08:30:19 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-1-Startup.job ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point < End of report > Und noch Extra.txt: OTL Extras logfile created on: 01.06.2012 17:31:53 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\1\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 43.29% Memory free 7.98 Gb Paging File | 6.19 Gb Available in Paging File | 77.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200.10 Gb Total Space | 97.14 Gb Free Space | 48.55% Space Free | Partition Type: NTFS Drive D: | 697.07 Gb Total Space | 666.97 Gb Free Space | 95.68% Space Free | Partition Type: NTFS Drive E: | 500.00 Gb Total Space | 499.51 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Computer Name: 1-PC | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AAD899-5254-4A90-8591-BC323AEDCC1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{0F71B78A-2723-4F85-ABE1-76E2ECAB42C6}" = lport=138 | protocol=17 | dir=in | app=system | "{27165155-F40F-47C2-B344-B63A7D971F31}" = rport=445 | protocol=6 | dir=out | app=system | "{28656EF2-D3D7-4EB4-A7F5-7369113368CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2BF4A13E-CB90-479F-8E50-05D0E275D5B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2FE8443C-32E9-4086-A7C5-8429DDA71475}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BC3EB54-5326-4324-8BBB-F1B49F2952E4}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{5AE9C815-B434-4067-93EE-918E068DA85D}" = lport=139 | protocol=6 | dir=in | app=system | "{753690EA-7740-454C-9AD7-1345BF189AFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{78466685-6F26-4775-B586-52A07D2808F3}" = rport=138 | protocol=17 | dir=out | app=system | "{977EAB4B-D475-402F-8A5A-537073C9F555}" = rport=137 | protocol=17 | dir=out | app=system | "{A04E2DBF-F8DD-432B-BA96-8A53309BB96D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B240258F-5546-4099-88AC-829A42477881}" = lport=137 | protocol=17 | dir=in | app=system | "{B25AB902-8336-4BBE-AD73-AB07BE5CB294}" = lport=445 | protocol=6 | dir=in | app=system | "{C084E120-9E8D-4A78-8FBF-6B550738193C}" = rport=139 | protocol=6 | dir=out | app=system | "{C139951B-D8BB-451B-80B7-F278B8EAFFD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D3F66786-D47F-4563-9BC3-97922180DEB7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E970A6-E78E-4B76-BBAC-845A8BCE14AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{040C6183-39A7-4BB2-BBB0-2987AFD6A5C3}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{0705CFBF-F0D4-496C-B4AE-A051106083DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CD089C9-D6A9-47E2-9C7B-CFFDFC6A7224}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{137341A8-6A71-4CB4-840B-A9BCED7EE9CD}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{1B732DC9-306A-454D-A08B-E44913220881}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{219766EF-9103-41A8-8E85-BC818E790C0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{26EDFC06-EF3A-437D-BC76-3DF06DE5C93D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{290DC225-6F27-4922-93B5-2EB18ED33A42}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\microsoft\windows\temporary internet files\content.ie5\f2qg37z3\sweetimsetup.exe | "{2D181D9C-A73D-469C-88BA-BE7D678F2503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{2DD084D0-AE21-46AD-B9B4-184CE89E2074}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{31A7B851-B754-414B-8EB3-9522989523F2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3654C53B-22FC-43CD-95CB-F4E6AE545ED4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{3DC01B96-47CD-4BB5-9544-3FA2DCC38213}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46932D0A-F02D-4CEC-A90E-BD116238CA83}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{4BE6ABC5-A373-49D3-83BD-EF3D1B4E9B81}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4E7D3D73-9391-420E-B5B8-F637E4FC3FF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{528CDFD7-E430-46D8-9F81-E5F25FBCDE47}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{52E0AA66-CB34-4B84-8EF1-218BA35C6E86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{55AD4A7B-09C6-4755-B092-9E01E79E8197}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{5D7BE5C5-4C26-4EF6-8F7B-CD8B0024044C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{6133B781-C99F-4B37-AAF3-99DA741F565E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{643A86FD-E01C-464C-B515-F412135A2462}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{65983E45-FCFF-4652-B413-8EBBF646228B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{67B09C9B-11BB-4772-AABA-0DAEDD14B4EF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{70174208-B44A-425C-8990-25CE06323943}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{7177BDFC-3BF3-44ED-B79A-5C7498D88D43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{78EE7E73-003F-4B7B-87D3-2588788A579A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{81B58833-BF34-4794-9F0D-4CE5232E51F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{83885FED-FCC1-4FE1-969E-D8D97F731C40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{84E684BC-3340-472E-9A88-8A8E1728D343}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{883A962D-A849-4E72-BA8B-6FEE5DE41260}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8919D009-DFD4-4B32-B397-A3AEC8335BC4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{8AA65831-98F2-4939-B306-2BEBD1F0F1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8E76FABC-7426-43D2-9463-D1691AAF10AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{96A56CD8-15DD-4D8B-AA9A-864B502F44E8}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\microsoft\windows\temporary internet files\content.ie5\f2qg37z3\sweetimsetup.exe | "{96F8BB39-7415-42D9-BE20-596DD951B27A}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{A0174283-29A7-4ABE-BF56-8A49CC962706}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | "{A15D09B6-A605-4CE5-9F2B-08A4927B71CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{A233F363-568D-436D-A14C-D895F54B1D37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{A6C81D56-1DD9-473C-BC71-79CC0AFB280C}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | "{A88263C1-E744-4EC5-892B-93E244AD0B68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{A9614C95-46F3-4522-A2B7-FFE17C67F297}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB2B6405-8EE0-40FA-A821-8BB6C0E06B18}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{B4E11C8F-954B-4623-A773-5232D5EC9EFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{B5C0B9D3-4A8D-442D-9262-EEF22035B92B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B8C55DE3-A406-4E8C-B2F6-B73F30A72544}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{C420A356-D14C-44A4-95A0-397F6C3E1694}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1154CF0-12DC-4B19-A0AB-37082C2698A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D2D28C87-733A-425E-AA8C-3EC34DA3CA4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{E0D5DCA1-502D-4061-8FE9-2731E81173EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{E486AD6A-8D17-4EC9-942C-A52E4D68E5A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{E63FFE49-32D7-479C-A731-0F2B66A2F07F}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{E9D4A348-0D43-4EF2-B340-AD4928304F48}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EDE2BC3C-A346-4418-99E8-093F13E4729D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F3F96CCA-2E09-49EE-9CC7-0B04AE7A238A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F74C9258-6440-4E4F-86B9-33BBA53186E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{FB601163-587F-495D-923F-524B82FF4DDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "TCP Query User{953CE1AF-0910-4BAD-936D-5A873FE66F01}C:\users\1\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | "TCP Query User{A19D75C7-E182-4FDE-85B7-476D848BE867}C:\users\1\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\1\appdata\roaming\filehunter\pumpa.exe | "UDP Query User{0619A1D9-3D96-44FC-A30F-EA8C3D489898}C:\users\1\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\1\appdata\roaming\filehunter\pumpa.exe | "UDP Query User{52B28C29-2886-468C-AEF6-5547F1208D62}C:\users\1\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E1C4A73-489E-43EC-A5F9-0EACF5E61791}" = Pop Art Studio 6.1 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B30EE0A5-4671-40DD-8C75-A88D24CF0A2D}" = WinMaximizer "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinMaximizer" = WinMaximizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047B9A6A-21E7-45CF-8825-0A061EEF9B23}" = SweetIM Toolbar for Internet Explorer 4.3 "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6 "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5 "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{970815E2-B0A8-4EDE-83B6-2689CFE5FB30}" = MAGIX Web Designer 7 Premium Download-Version "{9825D2D1-4E5D-4F5A-BE7C-22D09A37DA11}" = MAGIX Web Designer 7 Premium Content Pack "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E21D37-B157-4245-9C33-179628C47847}" = CorelDRAW Graphics Suite X5 - Premium Fonts "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FA01D751-CE47-4533-BB5D-9BB34514A43B}" = Artcut2009 "{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "ArgusMonitor" = ArgusMonitor "Artcut2009" = Artcut2009 "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Chinese Traditional Graphics" = Chinese Traditional Graphics "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DIMENSION-3" = DIMENSION-3 entfernen "DiskAid_is1" = DiskAid 5.14 "EasyTax 2010 AG 1.01" = EasyTax 2010 AG 1.01 "EasyTax 2011 AG 1.01" = EasyTax 2011 AG 1.01 "ENTERPRISER" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "Graboid Video" = Graboid Video 2.3 "Inkscape" = Inkscape 0.48.1 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "MAGIX_MSI_Web_Designer_7_Premium" = MAGIX Web Designer 7 Premium Download-Version "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "SpeedFan" = SpeedFan (remove only) "SWiSH miniMax2" = SWiSH miniMax2 "Vector Magic" = Vector Magic "Virtual Garden" = Virtual Garden "VLC media player" = VLC media player 1.0.1 "WebTemp_is1" = WebTemp 3.30 (kostenlose Version) "WinGimp-2.0_is1" = Gimp 2.6.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "ExpressFiles" = ExpressFiles ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Vielen vielen Dank fürs Helfen. |
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das Log |
Hallo Ich habe nun MWB drei Mal laufen lassen. Stopt zwischen 25 und 47 Min. mit dem Hinweis, dass das Programm keine Rückmeldung gibt und hängt sich auf. Eine Idee? |
Schon im abgesicherten Modus mit Netzwerktreibern versucht? |
Hallo Habs heute Morgen nochmals gestartet. Jetzt hats geklappt. Lass nachher gleich ESET laufen. Code: Malwarebytes Anti-Malware (Test) 1.61.0.1400 |
Hallo Arne Hab ESET laufen lassen. log.txt kann ich jedoch nicht auslesen, da die Datei nicht gefunden wird. Hab die gefundenen Fehler aber vorgängig kopiert. Hoffe, dass du diese brauchst und ich nicht nochmals laufen lassen muss. Gruss Roger Code: C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll Variante von Win32/Toolbar.Babylon Anwendung |
Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? |
Hatte zwei Mal Probleme beim Aufstarten, dass Fehlermeldungen kamen und alles geprüft wurde. Inzwischen ca. 5 Mal neu gestartet und keine Probleme mehr. Windows/Desktop alles wie gehabt und ohne Probleme. Keine fehlenden oder leere Ordner. Gruss Roger |
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das LogFalls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: netsvcs
|
otl Code: OTL logfile created on: 08.06.2012 18:09:25 - Run 1Code: OTL Extras logfile created on: 08.06.2012 18:09:25 - Run 1 |
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! |
Gemacht wie mir befohlen. Schreib jetzt von meinem reaktivierten Laptop;-) PC fuhr nach otl Fix herunter. Dann extrem lange schwarzer Bildschirm. Als wieder ein Bild kam, konnte ich das Log speichern: Code: All processes killedPC neu gestartet, da ich hoffte, dass dies das Problem löst. Wiederum lange Wartezeit, Benutzerkonto auswählen, schwarzer Bildschirm während mehreren Minuten und dann endlich hochgefahren. Leider immer noch keine Verbindung vorhanden. Sind die Daten noch irgendwo vorhanden? |
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg |
Code: 21:58:34.0683 2816 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 |
Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 21:16 Uhr. |
Copyright ©2000-2025, Trojaner-Board
