Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-04-2013
Ran by SYSTEM at 18-04-2013 23:18:32
Running from K:\
Windows 7 Home Premium (X86) OS Language: German Standard
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKLM\...\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [140544 2013-03-06] (AVAST Software)
HKLM\...\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [302736 2013-03-06] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Isi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-08-27] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 2013-03-06] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [136912 2013-03-06] (AVAST Software)
2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [1326176 2012-07-25] (Secunia)
2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [681056 2012-07-25] (Secunia)
3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [x]
==================== Drivers (Whitelisted) ====================
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-06] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [101656 2013-03-06] (AVAST Software)
0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-06] (AVAST Software)
0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-02-18] (ALWIL Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [199384 2013-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [60656 2013-03-06] (AVAST Software)
0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-06] ()
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-06] (AVAST Software)
0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-06] ()
3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-12-03] (AVM Berlin)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1588256 2013-02-07] (Ralink Technology Corp.)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-08-27] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-08-27] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-04-18 21:50 - 2013-04-18 21:51 - 00000000 ____D C:\Users\Isi\Desktop\AOK-Stick
2013-04-18 21:34 - 2013-04-18 21:34 - 12917756 ____A C:\Users\Isi\Desktop\mbar-1.05.0.1001.zip
2013-04-18 21:26 - 2013-04-18 21:26 - 00912058 ____A (Farbar) C:\Users\Isi\Desktop\FRST.exe
2013-04-18 20:42 - 2013-04-18 20:42 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Isi\Desktop\tdsskiller.exe
2013-04-18 20:00 - 2013-04-18 20:06 - 00003364 ____A C:\Users\Isi\Desktop\os_abschiessen_virusscan.txt
2013-04-18 19:43 - 2013-04-18 19:43 - 00000602 ____A C:\Users\Isi\Desktop\os_abschiessen.txt
2013-04-18 18:44 - 2013-04-18 18:44 - 00002836 ____A C:\Users\Isi\Desktop\anleitung_trojaner-board.txt
2013-04-18 18:33 - 2013-04-18 18:33 - 00377856 ____A C:\Users\Isi\Desktop\gmer_2.1.19163.exe
2013-04-18 13:35 - 2013-04-18 13:35 - 00602112 ____A (OldTimer Tools) C:\Users\Isi\Desktop\OTL.exe
2013-04-18 13:33 - 2013-04-18 13:34 - 00000468 ____A C:\Users\Isi\Desktop\defogger_disable.log
2013-04-18 13:33 - 2013-04-18 13:33 - 00000000 ____A C:\Users\Mac\defogger_reenable
2013-04-18 13:32 - 2013-04-18 13:32 - 00050477 ____A C:\Users\Isi\Desktop\Defogger.exe
2013-04-18 12:48 - 2013-04-18 12:48 - 00000000 ____D C:\avast! sandbox
2013-04-16 14:29 - 2013-04-16 14:29 - 00000322 ____A C:\Windows\PFRO.log
2013-04-15 21:44 - 2013-04-15 21:44 - 00000000 ____D C:\Python27
2013-04-15 20:16 - 2013-04-18 21:48 - 00001187 ____A C:\Windows\setupact.log
2013-04-15 20:16 - 2013-04-15 20:16 - 00000000 ____A C:\Windows\setuperr.log
2013-04-15 20:16 - 2013-03-06 23:33 - 00368176 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-04-15 20:16 - 2013-03-06 23:33 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00199384 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00164736 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00101656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00062376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00060656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00049248 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-04-15 20:15 - 2013-03-06 23:33 - 00021576 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-04-15 20:15 - 2013-03-06 23:32 - 00228600 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-04-15 20:14 - 2013-04-15 20:14 - 00000000 ____D C:\Program Files\AVAST Software
2013-04-15 20:14 - 2013-03-06 23:32 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-04-15 20:14 - 2013-02-18 08:41 - 00012112 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-04-15 19:23 - 2013-04-15 19:23 - 00000000 ____D C:\Users\Mac\Desktop\avast_6
2013-04-15 18:50 - 2013-04-15 19:59 - 00000000 ____D C:\Users\Mac\AppData\Roaming\Skype
2013-04-15 18:21 - 2013-04-15 18:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-15 17:43 - 2013-02-21 11:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-15 17:43 - 2013-02-21 11:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-15 17:43 - 2013-02-21 11:30 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-15 17:43 - 2013-02-21 11:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-15 17:43 - 2013-02-21 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-15 17:43 - 2013-02-19 13:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-15 17:43 - 2013-02-19 12:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-15 17:32 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-15 17:32 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-15 17:32 - 2013-03-19 05:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-15 17:32 - 2013-03-19 03:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-15 17:32 - 2013-03-01 04:09 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-15 17:32 - 2013-01-24 05:47 - 00196328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 20:07 - 2013-04-18 21:19 - 00009758 ____A C:\Users\Isi\Desktop\defender_error_09042013.txt
2013-04-07 21:42 - 2013-04-07 21:57 - 1037682781 ____A C:\Users\Mac\ZDFinfo-Die_Droge_-_Langfassung-130403_droge_inf_1596k_p13v9.mp4.flv
2013-04-07 21:35 - 2013-04-07 22:17 - 00000000 ____D C:\Users\Mac\.mediathek3
2013-04-06 18:55 - 2013-04-06 18:55 - 02448384 ____A (Python Software Foundation) C:\Windows\System32\python27.dll
2013-04-04 15:08 - 2013-04-15 17:10 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-03-23 01:30 - 2013-04-18 21:44 - 00000000 ____D C:\Users\Isi\Desktop\mbar
2013-03-21 04:16 - 2013-04-15 19:44 - 00000000 ____D C:\Users\Isi\Desktop\CCleaner 328 Portable
2013-03-20 05:25 - 2013-03-21 05:08 - 00002202 ____A C:\Users\Isi\Desktop\protect.inc.php
2013-03-20 00:52 - 2013-03-20 00:52 - 03807130 ____A C:\Users\Isi\Desktop\modx-1.0.9.zip
==================== One Month Modified Files and Folders ========
2013-04-18 22:07 - 2010-04-13 00:09 - 01288634 ____A C:\Windows\WindowsUpdate.log
2013-04-18 21:51 - 2013-04-18 21:50 - 00000000 ____D C:\Users\Isi\Desktop\AOK-Stick
2013-04-18 21:51 - 2012-08-08 18:21 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-18 21:50 - 2010-04-13 00:18 - 01517802 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-18 21:48 - 2013-04-15 20:16 - 00001187 ____A C:\Windows\setupact.log
2013-04-18 21:44 - 2013-03-23 01:30 - 00000000 ____D C:\Users\Isi\Desktop\mbar
2013-04-18 21:34 - 2013-04-18 21:34 - 12917756 ____A C:\Users\Isi\Desktop\mbar-1.05.0.1001.zip
2013-04-18 21:26 - 2013-04-18 21:26 - 00912058 ____A (Farbar) C:\Users\Isi\Desktop\FRST.exe
2013-04-18 21:19 - 2013-04-09 20:07 - 00009758 ____A C:\Users\Isi\Desktop\defender_error_09042013.txt
2013-04-18 20:42 - 2013-04-18 20:42 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Isi\Desktop\tdsskiller.exe
2013-04-18 20:06 - 2013-04-18 20:00 - 00003364 ____A C:\Users\Isi\Desktop\os_abschiessen_virusscan.txt
2013-04-18 19:43 - 2013-04-18 19:43 - 00000602 ____A C:\Users\Isi\Desktop\os_abschiessen.txt
2013-04-18 18:44 - 2013-04-18 18:44 - 00002836 ____A C:\Users\Isi\Desktop\anleitung_trojaner-board.txt
2013-04-18 18:33 - 2013-04-18 18:33 - 00377856 ____A C:\Users\Isi\Desktop\gmer_2.1.19163.exe
2013-04-18 16:31 - 2009-07-14 05:34 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-18 16:31 - 2009-07-14 05:34 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-18 13:35 - 2013-04-18 13:35 - 00602112 ____A (OldTimer Tools) C:\Users\Isi\Desktop\OTL.exe
2013-04-18 13:34 - 2013-04-18 13:33 - 00000468 ____A C:\Users\Isi\Desktop\defogger_disable.log
2013-04-18 13:33 - 2013-04-18 13:33 - 00000000 ____A C:\Users\Mac\defogger_reenable
2013-04-18 13:33 - 2010-04-13 00:20 - 00000000 ____D C:\users\Mac
2013-04-18 13:32 - 2013-04-18 13:32 - 00050477 ____A C:\Users\Isi\Desktop\Defogger.exe
2013-04-18 12:55 - 2012-02-22 17:16 - 00000000 ____D C:\Users\Mac\AppData\Roaming\vlc
2013-04-18 12:48 - 2013-04-18 12:48 - 00000000 ____D C:\avast! sandbox
2013-04-18 12:46 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-16 18:15 - 2010-04-19 13:32 - 00000000 ___RD C:\Users\Isi\dwhelper
2013-04-16 17:32 - 2011-12-02 23:22 - 00000000 ____D C:\Users\Isi\AppData\Roaming\vlc
2013-04-16 17:31 - 2010-04-20 20:37 - 00000000 ____D C:\Users\Isi\AppData\Roaming\FileZilla
2013-04-16 17:04 - 2010-04-17 02:44 - 00000000 ____D C:\Users\Isi\AppData\Roaming\Adobe
2013-04-16 14:29 - 2013-04-16 14:29 - 00000322 ____A C:\Windows\PFRO.log
2013-04-16 14:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-04-15 21:44 - 2013-04-15 21:44 - 00000000 ____D C:\Python27
2013-04-15 21:24 - 2012-03-30 23:00 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-15 21:24 - 2011-07-23 20:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-15 21:24 - 2010-04-22 19:23 - 00000000 ____D C:\ProgramData\Adobe
2013-04-15 21:07 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-04-15 20:50 - 2009-07-14 03:04 - 00000000 ____A C:\Windows\System32\config.nt
2013-04-15 20:16 - 2013-04-15 20:16 - 00000000 ____A C:\Windows\setuperr.log
2013-04-15 20:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-04-15 20:15 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-04-15 20:14 - 2013-04-15 20:14 - 00000000 ____D C:\Program Files\AVAST Software
2013-04-15 20:14 - 2013-03-07 11:01 - 00000000 ____D C:\ProgramData\AVAST Software
2013-04-15 20:12 - 2010-12-16 20:17 - 00000000 ____D C:\Users\Mac\Documents\Registry Backup CCleaner
2013-04-15 19:59 - 2013-04-15 18:50 - 00000000 ____D C:\Users\Mac\AppData\Roaming\Skype
2013-04-15 19:44 - 2013-03-21 04:16 - 00000000 ____D C:\Users\Isi\Desktop\CCleaner 328 Portable
2013-04-15 19:43 - 2011-06-19 05:04 - 00000000 ____D C:\Users\Mac\AppData\Roaming\Notepad++
2013-04-15 19:42 - 2010-12-21 22:31 - 00000000 ____D C:\Windows\Minidump
2013-04-15 19:42 - 2010-04-13 01:06 - 00000000 ____D C:\Windows\Panther
2013-04-15 19:23 - 2013-04-15 19:23 - 00000000 ____D C:\Users\Mac\Desktop\avast_6
2013-04-15 18:22 - 2013-04-15 18:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-15 18:22 - 2012-05-01 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-15 17:49 - 2009-07-14 05:33 - 01732864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-15 17:41 - 2012-06-05 23:41 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-04-15 17:39 - 2010-04-17 01:51 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-15 17:30 - 2009-07-14 05:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-15 17:14 - 2010-04-17 01:12 - 00000000 ____D C:\users\Isi
2013-04-15 17:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-04-15 17:10 - 2013-04-04 15:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-04-15 17:10 - 2012-11-22 17:50 - 00000000 ___RD C:\Program Files\Skype
2013-04-15 17:10 - 2011-06-19 12:01 - 00000000 ____D C:\Users\Isi\AppData\Roaming\Notepad++
2013-04-15 17:10 - 2010-12-21 00:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-15 17:10 - 2010-08-24 12:41 - 00000000 ____D C:\Windows\System32\Adobe
2013-04-15 17:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2013-04-15 17:09 - 2010-07-19 09:25 - 00000000 ____D C:\ProgramData\Skype
2013-04-07 22:17 - 2013-04-07 21:35 - 00000000 ____D C:\Users\Mac\.mediathek3
2013-04-07 21:57 - 2013-04-07 21:42 - 1037682781 ____A C:\Users\Mac\ZDFinfo-Die_Droge_-_Langfassung-130403_droge_inf_1596k_p13v9.mp4.flv
2013-04-06 18:55 - 2013-04-06 18:55 - 02448384 ____A (Python Software Foundation) C:\Windows\System32\python27.dll
2013-04-06 13:37 - 2012-09-16 23:07 - 00000000 ____D C:\Users\Isi\AppData\Roaming\Free Download Manager
2013-04-06 13:37 - 2012-05-04 18:47 - 00000000 ____D C:\Users\Isi\AppData\Roaming\inkscape
2013-04-06 13:37 - 2010-12-06 22:43 - 00000000 ____D C:\Users\Isi\Tracing
2013-04-04 15:08 - 2010-07-19 09:26 - 00000000 ____D C:\Users\Isi\AppData\Roaming\Skype
2013-03-22 02:31 - 2010-04-21 00:38 - 00027801 ____A C:\Users\Isi\AppData\Roaming\phpdesigner.xml
2013-03-21 05:08 - 2013-03-20 05:25 - 00002202 ____A C:\Users\Isi\Desktop\protect.inc.php
2013-03-21 04:18 - 2012-05-04 18:33 - 00000000 ____D C:\Users\Mac\AppData\Roaming\inkscape
2013-03-21 04:18 - 2010-04-19 11:30 - 00000000 ____D C:\Users\Mac\AppData\Roaming\FileZilla
2013-03-20 00:52 - 2013-03-20 00:52 - 03807130 ____A C:\Users\Isi\Desktop\modx-1.0.9.zip
2013-03-19 19:16 - 2010-07-15 22:11 - 00000000 ___AD C:\Users\Isi\Desktop\Webdev 2011_2012
2013-03-19 06:04 - 2013-04-15 17:32 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-03-19 06:04 - 2013-04-15 17:32 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:48 - 2013-04-15 17:32 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-03-19 03:49 - 2013-04-15 17:32 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-04-15 01:14:02
Restore point made on: 2013-04-15 17:06:51
Restore point made on: 2013-04-15 17:17:36
Restore point made on: 2013-04-15 17:38:56
Restore point made on: 2013-04-15 18:57:07
Restore point made on: 2013-04-15 18:58:31
Restore point made on: 2013-04-15 19:01:20
Restore point made on: 2013-04-15 19:02:55
Restore point made on: 2013-04-15 19:04:52
Restore point made on: 2013-04-15 19:08:18
Restore point made on: 2013-04-15 19:08:57
Restore point made on: 2013-04-15 19:10:57
Restore point made on: 2013-04-15 20:14:18
Restore point made on: 2013-04-15 21:43:50
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 4094.3 MB
Available physical RAM: 3578.96 MB
Total Pagefile: 4092.58 MB
Available Pagefile: 3557.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.48 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:195.68 GB) (Free:56.82 GB) NTFS
2 Drive e: () (Fixed) (Total:205.08 GB) (Free:3.47 GB) NTFS
3 Drive f: () (Fixed) (Total:195.31 GB) (Free:120.94 GB) NTFS
8 Drive k: (FERST) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 596 GB 0 B
Datenträger 1 Kein Medium 0 B 0 B
Datenträger 2 Kein Medium 0 B 0 B
Datenträger 3 Kein Medium 0 B 0 B
Datenträger 4 Online 249 MB 0 B
Partitions of Disk 0:
===============
Datenträger-ID: F98D6E74
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 100 MB 1024 KB
Partition 2 Primär 195 GB 101 MB
Partition 3 Primär 205 GB 195 GB
Partition 4 Primär 195 GB 400 GB
=========================================================
Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 100 MB Fehlerfre
=========================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 195 GB Fehlerfre
=========================================================
Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 205 GB Fehlerfre
=========================================================
Disk: 0
Partition 4
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NTFS Partition 195 GB Fehlerfre
=========================================================
Partitions of Disk 4:
===============
Datenträger-ID: 00000000
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 249 MB 16 KB
=========================================================
Disk: 4
Partition 1
Typ : 06
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K FERST FAT Wechselmed 249 MB Fehlerfre
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: F98D6E74
Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB
Partition 2:
=========
Hex: 00DF140C07FEFFFF0028030000D87518
Active: NO
Type: 07 (NTFS)
Size: 196 GB
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF000079180078A219
Active: NO
Type: 07 (NTFS)
Size: 205 GB
Partition 4:
=========
Hex: 00FEFFFF07FEFFFF00781B3200006A18
Active: NO
Type: 07 (NTFS)
Size: 195 GB
==============================
Partitions of Disk 4:
===============
Disk ID: 00000000
Partition 1:
=========
Hex: 80010100060FE0FF20000000E0C90700
Active: YES
Type: 06
Size: 249 MB
Last Boot: 2013-04-15 16:00
==================== End Of Log ============================
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 10.0.9200.16540
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 3487883264, free: 2534535168
------------ Kernel report ------------
04/18/2013 23:51:11
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\aswKbd.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\aswNdis2.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\aswNdis.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswFW.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\avmaudio.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\netr28u.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\iertutil.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8856e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xffffffff86f80498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8857c030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xffffffff86f7d498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8743eac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xffffffff86f79498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86825030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xffffffff86264030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.18.10
Downloaded database version: v2013.04.17.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86825030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86824300, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86825030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86264030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb228bad0, 0xffffffff86825030, 0xffffffff85f2fac8
Lower DeviceData: 0xffffffffb1f00618, 0xffffffff86264030, 0xffffffff85f1e330
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F98D6E74
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 410376192
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 410583040 Numsec = 430077952
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 840660992 Numsec = 409600000
Disk Size: 640135028736 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8743eac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85979158, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8743eac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f79498, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8857c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8743e7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8857c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f7d498, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8856e030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f83500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8856e030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f80498, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
I have worked through all the steps.
In addition...
OTL Logfile: Code:
OTL logfile created on: 19.04.2013 01:29:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,83% Memory free
6,50 Gb Paging File | 5,39 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,68 Gb Total Space | 56,81 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive D: | 205,08 Gb Total Space | 3,47 Gb Free Space | 1,69% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 120,94 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Computer Name: MAC-PC | User Name: Mac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Isi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
========== Modules (No Company Name) ==========
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad_plusplus\NppShell_04.dll ()
========== Services (SafeList) ==========
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://finalnet.de/
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 BF 1B FB 84 E2 CA 01 [binary data]
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1455
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_43: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.15 21:50:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.15 19:22:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.15 19:22:04 | 000,000,000 | ---D | M]
[2010.04.17 00:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mac\AppData\Roaming\mozilla\Extensions
[2013.01.22 14:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mac\AppData\Roaming\mozilla\Firefox\Profiles\a1q4mnhc.default\extensions
[2011.03.26 20:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mac\AppData\Roaming\mozilla\Firefox\Profiles\a1q4mnhc.default\extensions\nostmp
[2013.04.15 20:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.15 19:22:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.10.08 01:25:12 | 000,421,699 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14539 more lines...
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Isi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3270679528-2397267146-1333058859-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3270679528-2397267146-1333058859-1000\..Trusted Ranges: Range37 ([*] in Local intranet)
O15 - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\..Trusted Domains: jugendclub-breisach.de ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3270679528-2397267146-1333058859-1001\..Trusted Domains: quercus-regeneration.eu ([]http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE93251-B6AE-4921-8E1C-3AF24F283267}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.19 00:18:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.18 13:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.15 22:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2013.04.15 22:44:19 | 000,000,000 | ---D | C] -- C:\Python27
[2013.04.15 21:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013.04.15 21:16:01 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.04.15 21:16:00 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.04.15 21:15:27 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013.04.15 21:15:25 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013.04.15 21:15:24 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.04.15 21:15:23 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.04.15 21:15:22 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013.04.15 21:15:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.04.15 21:15:16 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.04.15 21:15:15 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.04.15 21:14:45 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.15 21:14:43 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013.04.15 21:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.15 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Mac\Desktop\avast_6
[2013.04.15 19:50:27 | 000,000,000 | ---D | C] -- C:\Users\Mac\AppData\Roaming\Skype
[2013.04.15 19:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.07 22:35:19 | 000,000,000 | ---D | C] -- C:\Users\Mac\.mediathek3
[2013.04.06 19:55:00 | 002,448,384 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python27.dll
[2013.04.04 16:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.04 16:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
========== Files - Modified Within 30 Days ==========
[2013.04.19 00:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 23:38:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 23:38:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 23:35:29 | 000,668,524 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.18 23:35:29 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.18 23:35:29 | 000,134,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.18 23:35:29 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.18 23:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 23:30:51 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.18 14:33:48 | 000,000,000 | ---- | M] () -- C:\Users\Mac\defogger_reenable
[2013.04.18 13:54:30 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.15 21:50:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.04.15 21:16:02 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.04.15 18:49:09 | 001,732,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.07 22:57:54 | 1037,682,781 | ---- | M] () -- C:\Users\Mac\ZDFinfo-Die_Droge_-_Langfassung-130403_droge_inf_1596k_p13v9.mp4.flv
[2013.04.06 19:55:00 | 002,448,384 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python27.dll
========== Files Created - No Company Name ==========
[2013.04.18 14:33:48 | 000,000,000 | ---- | C] () -- C:\Users\Mac\defogger_reenable
[2013.04.18 13:54:30 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.15 21:16:02 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.04.15 21:15:20 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.04.15 21:15:18 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.04.07 22:42:10 | 1037,682,781 | ---- | C] () -- C:\Users\Mac\ZDFinfo-Die_Droge_-_Langfassung-130403_droge_inf_1596k_p13v9.mp4.flv
[2013.02.07 13:42:52 | 000,066,992 | ---- | C] () -- C:\Windows\System32\drivers\FW_7610.bin
[2013.02.07 13:42:52 | 000,044,308 | ---- | C] () -- C:\Windows\System32\drivers\FW_7601.bin
[2013.02.07 13:42:52 | 000,014,172 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013.02.07 13:42:52 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\FW_2870.bin
[2013.02.07 13:42:52 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\FW_3573.bin
[2012.08.29 19:34:43 | 000,442,368 | R--- | C] () -- C:\Windows\System32\zshp1018.exe
[2012.01.10 17:04:42 | 001,556,992 | ---- | C] () -- C:\Windows\is-KGHT4.exe
[2012.01.06 00:16:56 | 001,556,992 | ---- | C] () -- C:\Windows\is-CSEB6.exe
[2011.12.07 16:46:08 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2011.07.22 23:10:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.09.18 02:18:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.11 07:35:55 | 000,027,666 | ---- | C] () -- C:\Users\Mac\AppData\Roaming\phpdesigner.xml
[2010.04.17 01:10:07 | 000,000,017 | ---- | C] () -- C:\Users\Mac\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.12.10 08:39:29 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\1by1
[2012.08.14 07:02:40 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\app.Crunch
[2012.08.24 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Audacity
[2010.04.29 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Canneverbe Limited
[2013.04.16 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\FileZilla
[2010.11.28 04:53:49 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\FLV Extract
[2013.04.06 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Free Download Manager
[2012.01.03 15:15:27 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\HandBrake
[2012.12.18 00:58:24 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Ime RJ
[2010.05.06 08:07:23 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\ImgBurn
[2013.04.06 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\inkscape
[2011.12.21 12:43:15 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\MAGIX
[2010.12.18 09:15:40 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\mp3DirectCut
[2010.09.18 02:21:38 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\MP3SkypeRecorder
[2012.06.21 17:46:07 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\MyPhoneExplorer
[2013.04.15 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Notepad++
[2010.05.02 02:45:42 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Opera
[2011.12.02 21:54:46 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\phpDesigner
[2012.08.29 19:57:16 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Scribus
[2012.05.07 05:41:46 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Serif
[2011.06.26 21:28:48 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\TeamViewer
[2011.09.08 02:07:04 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Thunderbird
[2011.02.28 07:00:27 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Windows Live Writer
[2011.06.19 07:11:15 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Winff
[2012.01.01 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\Xi
[2010.12.14 17:25:38 | 000,000,000 | ---D | M] -- C:\Users\Isi\AppData\Roaming\xrecode2
[2010.07.06 03:53:32 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Audacity
[2010.04.30 09:18:21 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Canneverbe Limited
[2013.03.21 05:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\FileZilla
[2010.05.02 04:31:16 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\HandBrake
[2011.07.09 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\hed
[2010.04.30 15:12:35 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\ImgBurn
[2013.03.21 05:18:39 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\inkscape
[2011.12.18 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\MAGIX
[2012.11.22 17:41:12 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\MyPhoneExplorer
[2013.04.15 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Notepad++
[2010.09.25 04:42:25 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Opera
[2010.05.11 07:35:54 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\phpDesigner
[2012.05.07 03:42:10 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Scribus
[2012.08.29 21:56:42 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Serif
[2012.07.11 06:04:10 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\systweak
[2011.08.22 16:03:33 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\Thunderbird
[2011.12.08 13:46:27 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\WinFF
[2010.12.14 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\Mac\AppData\Roaming\xrecode2
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DED17083
< End of report > --- --- ---
[/CODE]
and
OTL Logfile: Code:
OTL Extras logfile created on: 19.04.2013 01:29:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,83% Memory free
6,50 Gb Paging File | 5,39 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,68 Gb Total Space | 56,81 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive D: | 205,08 Gb Total Space | 3,47 Gb Free Space | 1,69% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 120,94 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Computer Name: MAC-PC | User Name: Mac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Users\Isi\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-3270679528-2397267146-1333058859-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3270679528-2397267146-1333058859-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Users\Isi\AppData\Local\Programs\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Users\Isi\AppData\Local\Programs\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0489747B-CDC4-4A60-94E9-2DA7E7BEE5B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B1CBDD9-929C-4EFB-B910-5CE44F63069B}" = lport=138 | protocol=17 | dir=in | app=system |
"{32C8D5D5-C4D6-4318-A429-A86BF96D90E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{3ADE6D09-5A05-472F-AF91-F631D88AADA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F02ECCB-1C8C-41F0-B4B8-858862BF27DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{5449A3F6-765B-4102-91BC-ED75CEBD078D}" = rport=137 | protocol=17 | dir=out | app=system |
"{58475014-C776-49EC-84C5-7B08AD9EBAF5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7DD27A96-D372-4BF5-A4BF-8E831D5C61A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A36436B9-3115-4999-8AAA-3ABFDB5817E9}" = lport=137 | protocol=17 | dir=in | app=system |
"{B5D3AC53-57C0-4407-B015-32B2FFEF8245}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9352105-5B22-4E42-808A-A8B1D6A413A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BDB92C84-4F44-4CF4-9B72-BE4D870CA8F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EAFB5B75-030D-4AD7-B502-517B9ADFF991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE98968D-A672-447C-9E34-FCA32F5FC4BA}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{118B023A-D0BE-4644-8F3A-278134FABD6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1DD37362-9338-4716-8572-ECE6F098ECD1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B0B8ED4-7AAB-4161-9D1B-90444EDA7383}" = protocol=6 | dir=in | app=c:\users\isi\appdata\local\programs\opera\opera.exe |
"{36FCB7E9-235B-4DF6-97AF-A91FF8F689FD}" = protocol=17 | dir=in | app=c:\users\isi\appdata\local\programs\opera\opera.exe |
"{4A7ADEC2-E214-43B6-8104-FB864762A828}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4DBB216B-0CC3-487B-BFCB-976432F7D714}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E11D587-9844-4881-B7F0-07AF04A7DAE9}" = protocol=17 | dir=in | app=c:\users\mac\appdata\local\apps\2.0\408pc9we.3o5\8hq42o9b.c58\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{602D5537-261B-442C-9FE1-1AE3217A3556}" = protocol=17 | dir=in | app=c:\users\mac\appdata\local\apps\2.0\408pc9we.3o5\8hq42o9b.c58\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{63BB71D7-4615-4E9E-8B6D-814DA3A3F35F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{75527B4B-0933-4188-B420-B6EC970988F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{885FFEAB-7785-48BF-976E-2BB92235F89F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{90950C7E-5542-4D59-A85E-4746473F8498}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{95D6D12D-330C-49E9-ACA2-C523D225C776}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9625E4E5-D007-43FD-BD58-C997E26E0E64}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9D26C9F4-A799-4BEF-8DB3-8D7412448DC6}" = protocol=6 | dir=in | app=c:\users\mac\appdata\local\apps\2.0\408pc9we.3o5\8hq42o9b.c58\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{B2484398-997A-4380-9904-8C9803297F56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC53959C-9D24-4686-9D92-5895658F9108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C79D8A18-BF3D-4499-B309-49765F8643FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CC934C17-37B2-4E93-8E47-1566985C8F3E}" = protocol=6 | dir=in | app=c:\users\mac\appdata\local\apps\2.0\408pc9we.3o5\8hq42o9b.c58\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{D8689333-F2C2-4F0F-A597-F000D92425C1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F5EE294D-912D-4276-A88E-4839A2D0DC2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{209E7598-79E3-48B0-BC3F-E86DB71AD079}C:\program files\phpdesigner\phpdesigner.exe" = protocol=6 | dir=in | app=c:\program files\phpdesigner\phpdesigner.exe |
"TCP Query User{2322B3D0-286E-42CA-AE6F-E4FD4CB9D78C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{2E4CBD2A-A865-4226-8A29-2595954BA0B1}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"TCP Query User{30C21368-C3D7-4F54-8DB3-09C539195976}E:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"TCP Query User{31CFD359-CE98-46B8-931A-7C880EB85185}C:\program files\phpdesigner\phpdesigner.exe" = protocol=6 | dir=in | app=c:\program files\phpdesigner\phpdesigner.exe |
"TCP Query User{3D21FDED-F740-488A-BEA4-9F7B8B90190B}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{421F30A5-253A-4EC6-9E41-F2F20A93A54E}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{4C9D7BF7-CDAE-4DE0-8C25-C63790F33845}E:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"TCP Query User{4E244391-67FB-4426-A5F0-FD1C530EA6F8}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{BAE43D18-1E17-4513-8456-FAD9BB3C52BA}C:\users\isi\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\isi\appdata\local\programs\opera\opera.exe |
"UDP Query User{0A20B7AA-ADEF-44F3-97B1-C5431A94DC59}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{0BA541F1-61D4-46F4-9729-88C9E5048DC5}C:\program files\phpdesigner\phpdesigner.exe" = protocol=17 | dir=in | app=c:\program files\phpdesigner\phpdesigner.exe |
"UDP Query User{185E40FB-822A-4FD5-9263-A865EFD022DB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1E7365AC-9D41-485E-8CC6-4051760CA9B5}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{20432AC1-A465-460E-AADB-E49CB2AC6A35}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{608238F1-A7D3-49A5-A160-3BE0B5A6FF86}C:\users\isi\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\isi\appdata\local\programs\opera\opera.exe |
"UDP Query User{7487D5C0-7506-42F5-925C-C6CFF33648AF}C:\program files\phpdesigner\phpdesigner.exe" = protocol=17 | dir=in | app=c:\program files\phpdesigner\phpdesigner.exe |
"UDP Query User{7B89D1EE-8C16-41A4-B113-E6B68AEC46D3}E:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"UDP Query User{A7476FAA-0F01-405B-BBF3-1BC61D7DADC4}E:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"UDP Query User{AB3A03B5-7E97-43D9-83B6-17C002AFF9F2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84ADC96C-B7E0-4938-9D6E-2B640D5DA224}" = Python 2.7.4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1" = Caesium Version 1.1.0
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.156
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B582947F-F34D-4081-A5B9-24CBF09F8C15}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFD35D1F-F7C8-47AE-AF3E-E569F025CD7D}" = MySQL Server 5.5
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Anti-Twin 2010-05-02 04.23.51" = Anti-Twin (Installation 02.05.2010)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Internet Security
"CSS Tab Designer_is1" = CSS Tab Designer v2.0
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Client" = FileZilla Client 3.6.0.2
"FLEXnet Publisher License Server Manager" = FlexNet Publisher License Server Manager
"FormatFactory" = FormatFactory 2.96
"GPL Ghostscript 9.05" = GPL Ghostscript
"HandBrake" = HandBrake 0.9.5
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP-LaserJet 1018" = LaserJet 1018
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"mediainfolite_is1" = MediaInfo Lite 0.7.51
"MetaTab_is1" = MetaTab 1.05
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Opera 12.15.1748" = Opera 12.15
"phpDesigner7.2_is1" = phpDesigner 7 version 7.2
"Scribus 1.4.1" = Scribus 1.4.1
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"VLC media player" = VLC media player 2.0.6
"WinFF_is1" = WinFF 1.3.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xaldon WebSpider 2" = Xaldon WebSpider 2
"xampp" = XAMPP 1.8.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3270679528-2397267146-1333058859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.06.2012 22:44:56 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_shell32.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: QuickTime.cpl,
Version: 7.72.80.56, Zeitstempel: 0x4f8f8983 Ausnahmecode: 0xc0000409 Fehleroffset:
0x0000aa4a ID des fehlerhaften Prozesses: 0xcec Startzeit der fehlerhaften Anwendung:
0x01cd4dc57fc57404 Pfad der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\QuickTime\QTSystem\QuickTime.cpl Berichtskennung:
c079ff7d-b9b8-11e1-a3f6-002421b6943b
Error - 18.06.2012 22:46:17 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_Shell32.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: QuickTime.cpl,
Version: 7.72.80.56, Zeitstempel: 0x4f8f8983 Ausnahmecode: 0xc0000409 Fehleroffset:
0x0000aa4a ID des fehlerhaften Prozesses: 0x1218 Startzeit der fehlerhaften Anwendung:
0x01cd4dc5afda29a1 Pfad der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\QuickTime\QTSystem\QuickTime.cpl Berichtskennung:
f0dae123-b9b8-11e1-a3f6-002421b6943b
Error - 18.06.2012 22:48:09 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514,
Zeitstempel: 0x4ce792c4 Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4f8f8aa7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x5e98aae9
ID
des fehlerhaften Prozesses: 0x15bc Startzeit der fehlerhaften Anwendung: 0x01cd4dc5f6166b2f
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\MsiExec.exe Pfad des fehlerhaften
Moduls: QuickTime.qts Berichtskennung: 33d86272-b9b9-11e1-a3f6-002421b6943b
Error - 18.06.2012 22:52:41 | Computer Name = Mac-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "Internet Pass-Through Service" konnte
nicht neu gestartet werden.
Error - 18.06.2012 22:58:47 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514,
Zeitstempel: 0x4ce792c4 Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4f8f8aa7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x5bc9aae9
ID
des fehlerhaften Prozesses: 0x7d8 Startzeit der fehlerhaften Anwendung: 0x01cd4dc77208f250
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\MsiExec.exe Pfad des fehlerhaften
Moduls: QuickTime.qts Berichtskennung: b0255ddd-b9ba-11e1-a3f6-002421b6943b
Error - 21.06.2012 13:48:16 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.2,
Zeitstempel: 0x4e94a58c Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15,
Zeitstempel: 0x4a5bda6c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00105cc8 ID des fehlerhaften
Prozesses: 0xb3c Startzeit der fehlerhaften Anwendung: 0x01cd4fcf83aa07a3 Pfad der
fehlerhaften Anwendung: C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\MSVBVM60.DLL Berichtskennung: 4736c4f5-bbc9-11e1-9f55-002421b6943b
Error - 21.06.2012 13:49:31 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.2,
Zeitstempel: 0x4e94a58c Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15,
Zeitstempel: 0x4a5bda6c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d0ec2 ID des fehlerhaften
Prozesses: 0xb3c Startzeit der fehlerhaften Anwendung: 0x01cd4fcf83aa07a3 Pfad der
fehlerhaften Anwendung: C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\MSVBVM60.DLL Berichtskennung: 73d1cbb1-bbc9-11e1-9f55-002421b6943b
Error - 22.06.2012 09:16:25 | Computer Name = Mac-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.9.0.123, Zeitstempel:
0x4fce1530 Name des fehlerhaften Moduls: Flash32_11_3_300_257.ocx, Version: 11.3.300.257,
Zeitstempel: 0x4fc82006 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d5669 ID des fehlerhaften
Prozesses: 0xed0 Startzeit der fehlerhaften Anwendung: 0x01cd5068e35cbc9b Pfad der
fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\Macromed\Flash\Flash32_11_3_300_257.ocx Berichtskennung:
77a405b0-bc6c-11e1-9f52-002421b6943b
Error - 03.07.2012 02:39:42 | Computer Name = Mac-PC | Source = Application Hang | ID = 1002
Description = Programm Photoshop.exe, Version 10.0.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1480 Startzeit:
01cd58e60feb961f Endzeit: 31 Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop
CS3\Photoshop.exe Berichts-ID: dc61e10c-c4d9-11e1-83d6-002421b6943b
Error - 10.07.2012 19:19:15 | Computer Name = Mac-PC | Source = VSS | ID = 8194
Description =
Error - 11.07.2012 00:08:44 | Computer Name = Mac-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Isi\Desktop\01062012\ccsetup319\CCleaner64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 17.07.2012 07:35:09 | Computer Name = Mac-PC | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 13.0.1.4548 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1408 Startzeit: 01cd64035c48233a Endzeit: 16 Anwendungspfad:
J:\thunderbird\thunderbird.exe Berichts-ID: 732c8b5e-d003-11e1-a28f-002421b6943b
[ System Events ]
Error - 16.04.2013 09:29:06 | Computer Name = Mac-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 16.04.2013 09:29:06 | Computer Name = Mac-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.04.2013 07:46:33 | Computer Name = Mac-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.04.2013 07:46:33 | Computer Name = Mac-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.04.2013 07:46:34 | Computer Name = Mac-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.04.2013 07:46:34 | Computer Name = Mac-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.04.2013 17:30:56 | Computer Name = Mac-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.04.2013 17:30:56 | Computer Name = Mac-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 18.04.2013 17:30:57 | Computer Name = Mac-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.04.2013 17:30:57 | Computer Name = Mac-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
[/CODE]
OK, now I have a problem. Afterwards I ran GMER as admin. GMER scans and then suddenly hangs; Windows dialog: "Das Programm funktioniert nicht mehr".
GMER has an APPCRASH at \Device\HarddiskVolumeShadowCopy22 (text in GMER's status bar).
I have to force a restart, nothing works anymore...
With F8 I go into safe mode and try again with GMER. Zuma
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-19 03:28:35
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AACS-00G8B1 rev.05.04C05 596,17GB
Running: kjdfkluiz.exe; Driver: C:\Users\Mac\AppData\Local\Temp\uwldypow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8247DA09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 824B71F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- EOF - GMER 2.1 ----